Wednesday 27 November 2013

Get the AD and User accounts list based on last Logon Date through PowerShell

To get the service accounts (names ending in "SvcAccount"):

Get-ADUser -Filter 'Name -like "*SvcAccount"' | FT Name,SamAccountName

To get the properties of the krbtgt user account:

Get-ADUser krbtgt -Properties createTimeStamp, LastLogonDate, whenCreated | FT Name, createTimeStamp, LastLogonDate, whenCreated, DistinguishedName

To list every user account in the Finance organizational unit:

Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"

To get the properties of the user account Madhu, formatted as a table:

Get-ADUser Madhu -Properties LastLogonDate | FT Name, LastLogonDate, DistinguishedName, Enabled -AutoSize | Out-String -Width 400

To list the user accounts that have logged on within the last 90 days (by LastLogonDate) and export the results to the file ADUSR.txt:

$d = [DateTime]::Today.AddDays(-90); Get-ADUser -Filter 'LastLogonDate -ge $d' -Properties createTimeStamp, LastLogonDate, whenCreated | Format-Table Name, createTimeStamp, LastLogonDate, whenCreated, DistinguishedName -AutoSize | Out-String -Width 400 > C:\reports\ADUSR.txt

The following PowerShell commands cover computer accounts.

To get the AD computer accounts that have logged on to AD within the last 90 days (by LastLogonDate):

$d = [DateTime]::Today.AddDays(-90); Get-ADComputer -Filter 'LastLogonDate -ge $d' -Properties LastLogonDate | FT Name, Enabled, LastLogonDate

To get the AD computer accounts whose password was set within the last 90 days:

$d = [DateTime]::Today.AddDays(-90); Get-ADComputer -Filter 'PasswordLastSet -ge $d' -Properties PasswordLastSet | FT Name,PasswordLastSet

To retrieve the last logon timestamp of the disabled computer accounts:

Get-ADComputer -Filter 'Enabled -eq $false' -Properties LastLogonDate | FT Name, LastLogonDate
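The one-liners above each answer a single question; the script below, which is an added example and not part of the original post, turns them into a stale-account report: enabled users and computers that have never logged on or have not logged on in the last N days, exported to CSV. The ActiveDirectory module and the output path are assumptions.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory module
# is installed and that C:\reports exists; adjust -OutFile for your environment.
Import-Module ActiveDirectory

function Get-StaleAccountReport {
    param(
        [int]$Days = 90,
        [string]$OutFile = 'C:\reports\StaleAccounts.csv'   # assumed path
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    $props  = 'LastLogonDate', 'PasswordLastSet', 'whenCreated'

    # LastLogonDate is derived from lastLogonTimestamp, which is only replicated when
    # the stored value is older than msDS-LogonTimeSyncInterval (default 14 days),
    # so treat it as accurate to roughly two weeks, not to the day.
    $filter = { -not $_.LastLogonDate -or $_.LastLogonDate -lt $cutoff }

    # Enabled accounts are the ones that matter: a disabled account cannot log on,
    # but an enabled one that nobody uses is an unwatched way in.
    $users = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props |
        Where-Object $filter |
        Select-Object @{n = 'Type'; e = { 'User' }}, Name, SamAccountName,
                      LastLogonDate, PasswordLastSet, whenCreated, DistinguishedName

    $computers = Get-ADComputer -Filter 'Enabled -eq $true' -Properties $props |
        Where-Object $filter |
        Select-Object @{n = 'Type'; e = { 'Computer' }}, Name, SamAccountName,
                      LastLogonDate, PasswordLastSet, whenCreated, DistinguishedName

    $report = @($users) + @($computers)
    $report | Export-Csv -Path $OutFile -NoTypeInformation
    return $report
}

# Usage: report only; review the list before disabling anything.
Get-StaleAccountReport -Days 90 |
    Format-Table Type, Name, LastLogonDate, PasswordLastSet -AutoSize
```

Accounts with an empty LastLogonDate are listed too, because an account created but never used is the case the 90-day filter above silently drops.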

Restore a deleted Active Directory object with PowerShell

Run Windows PowerShell as Administrator.

Start by loading the Active Directory module for Windows PowerShell:

Import-Module ActiveDirectory

List all deleted users (computer objects are included as well, because the computer class derives from user, so a computer's objectClass also contains "user"):

Get-ADObject -Filter 'objectClass -eq "user" -and IsDeleted -eq $true' -IncludeDeletedObjects -Properties IsDeleted, LastKnownParent | Format-List Name, IsDeleted, LastKnownParent, DistinguishedName

List all deleted groups:

Get-ADObject -Filter 'objectClass -eq "group" -and IsDeleted -eq $true' -IncludeDeletedObjects -Properties IsDeleted, LastKnownParent | Format-List Name, IsDeleted, LastKnownParent, DistinguishedName

List all deleted computers:

Get-ADObject -Filter 'objectClass -eq "computer" -and IsDeleted -eq $true' -IncludeDeletedObjects -Properties IsDeleted, LastKnownParent | Format-List Name, IsDeleted, LastKnownParent, DistinguishedName

List all deleted objects:

Get-ADObject -Filter 'IsDeleted -eq $true' -IncludeDeletedObjects -Properties IsDeleted, LastKnownParent | Format-List Name, IsDeleted, LastKnownParent, DistinguishedName

If you want the output in a text file:
1. Create a script file named list_deleted_users.ps1 and save it to C:\Script\.
2. Use the following code in the script:

Import-Module ActiveDirectory

Get-ADObject -Filter 'objectClass -eq "user" -and IsDeleted -eq $true' -IncludeDeletedObjects -Properties IsDeleted, LastKnownParent | Format-List Name, IsDeleted, LastKnownParent, DistinguishedName

3. Save the script file.

4. In PowerShell navigate to C:\Script and run the following command:

.\list_deleted_users.ps1 > output.txt

5. You will now have the output from the script in C:\Script\output.txt.

To restore an object named Daniel Svensson:

Get-ADObject -Filter 'name -like "Daniel Svensson*"' -IncludeDeletedObjects | Restore-ADObject

To test the restore without changing anything, use -WhatIf:

Get-ADObject -Filter 'name -like "Daniel Svensson*"' -IncludeDeletedObjects | Restore-ADObject -WhatIf

- Srinivas.

Thursday 21 February 2013

Determine the tombstone lifetime for the forest

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2008 R2 Foundation, Windows Server 2012
The tombstone lifetime in an Active Directory forest determines how long a deleted object (called a “tombstone”) is retained in Active Directory Domain Services (AD DS). The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition.

You can use this procedure to determine the tombstone lifetime for the forest.
Membership in Domain Users, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (http://go.microsoft.com/fwlink/?LinkId=83477).
To determine the tombstone lifetime for the forest using ADSIEdit
  1. Click Start, point to Administrative Tools, and then click ADSI Edit.
  2. In ADSI Edit, right-click ADSI Edit, and then click Connect to.
  3. For Connection Point, click Select a well known Naming Context, and then click Configuration.
  4. If you want to connect to a different domain controller, for Computer, click Select or type a domain or server: (Server | Domain [:port]). Provide the server name or the domain name and Lightweight Directory Access Protocol (LDAP) port (389), and then click OK.
  5. Double-click Configuration, CN=Configuration,DC=ForestRootDomainName, CN=Services, and CN=Windows NT.
  6. Right-click CN=Directory Service, and then click Properties.
  7. In the Attribute column, click tombstoneLifetime.
  8. Note the value in the Value column. If the value is <not set>, the value is 60 days.
To determine the tombstone lifetime for the forest using Dsquery
  1. Open a Command Prompt window. To open a command prompt, click Start, click Run, type cmd, and then press ENTER.
  2. At the command prompt, type the following command, and then press ENTER:

dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=<forestDN>" -scope base -attr tombstonelifetime

Be sure to replace <forestDN> with the actual distinguished name of the forest. For example, if your forest name is xyz.com, type the following, and then press ENTER:

dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=xyz,dc=com" -scope base -attr tombstonelifetime

Active Directory Recycle Bin Feature in Windows Server 2008 R2

Prerequisites to enable the Active Directory Recycle Bin feature:
The Active Directory forest functional level must be raised to Windows Server 2008 R2, which you can do with the PowerShell commands below.

To get the forest functional level:

Get-ADForest

To raise the functional level to Windows Server 2008 R2:

Get-ADForest | Set-ADForestMode -ForestMode Windows2008R2Forest

1. Enable the Active Directory Recycle Bin feature.
To enable the Recycle Bin feature in Windows Server 2008 R2, type the following PowerShell command:

Enable-ADOptionalFeature -Identity "Recycle Bin Feature" -Scope ForestOrConfigurationSet -Target "xyz.com"

2. Get the list of objects deleted from AD.
To get the list of deleted user objects, enter the following PowerShell command:

Get-ADObject -SearchBase "CN=Deleted Objects,DC=xyz,DC=com" -Filter {objectClass -eq "user"} -IncludeDeletedObjects | Format-Table DisplayName, ObjectClass, ObjectGUID

3. Restore a specific deleted user object.
Once you have the list of deleted user objects, you can restore the user object test1 with the following PowerShell command:

Get-ADObject -Filter {DisplayName -eq "test1"} -includedeletedObjects | Restore-ADObject -Confirm:$False

4. Check whether the object's attributes were restored correctly.
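The tombstone-lifetime lookup above and the Recycle Bin steps fit together: the lifetime decides how long a deleted object can still be restored. The script below is an added example, not code from the original post; it reads the forest lifetime values, lists deleted users with the days left to recover them, restores one object by ObjectGUID instead of a wildcard name match, and then checks its attributes (step 4). The ActiveDirectory module, a Recycle-Bin-enabled forest, and the placeholder GUID are assumptions.

```powershell
# Added example (not from the original post). Assumes the ActiveDirectory module
# and a forest with the Recycle Bin enabled; the GUID at the bottom is a placeholder.
Import-Module ActiveDirectory

function Get-DeletedObjectLifetimeDays {
    # Same object ADSI Edit and dsquery read above; <not set> means 60 days.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
          -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'
    $tsl = if ($ds.tombstoneLifetime) { $ds.tombstoneLifetime } else { 60 }
    # With the Recycle Bin, the recoverable window is msDS-DeletedObjectLifetime,
    # which falls back to the tombstone lifetime when it is not set.
    if ($ds.'msDS-DeletedObjectLifetime') { $ds.'msDS-DeletedObjectLifetime' } else { $tsl }
}

function Get-DeletedUsersWithDeadline {
    $lifetime = Get-DeletedObjectLifetimeDays
    Get-ADObject -Filter 'objectClass -eq "user" -and IsDeleted -eq $true' `
        -IncludeDeletedObjects -Properties whenChanged, LastKnownParent |
      Select-Object Name, ObjectGUID, LastKnownParent, whenChanged,
        # whenChanged is updated at deletion, so it approximates the deletion time.
        @{n = 'DaysLeft'; e = { [int]($_.whenChanged.AddDays($lifetime) - (Get-Date)).TotalDays }}
}

function Restore-DeletedUserByGuid {
    param([Parameter(Mandatory)][guid]$ObjectGUID, [switch]$WhatIf)
    # A GUID identifies exactly one object; 'name -like "X*"' can match several.
    $obj = Get-ADObject -Filter "ObjectGUID -eq '$ObjectGUID'" -IncludeDeletedObjects
    if (-not $obj -or -not $obj.Deleted) { throw "No deleted object with GUID $ObjectGUID" }
    Restore-ADObject -Identity $obj.ObjectGUID -WhatIf:$WhatIf
    if ($WhatIf) { return }
    # Step 4: confirm the account, its location and its group links came back.
    Get-ADUser -Identity $obj.ObjectGUID -Properties MemberOf |
      Select-Object Name, SamAccountName, Enabled, DistinguishedName,
        @{n = 'GroupCount'; e = { @($_.MemberOf).Count }}
}

# Usage
Get-DeletedUsersWithDeadline | Format-Table -AutoSize
# Dry run first, then without -WhatIf (placeholder GUID, replace with one from the list):
Restore-DeletedUserByGuid -ObjectGUID '00000000-0000-0000-0000-000000000000' -WhatIf
```

An object whose DaysLeft has reached zero is past recovery with Restore-ADObject and can only come back from a backup.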