Forum Discussion

JakobRohde's avatar
JakobRohde
Iron Contributor
Sep 22, 2017

List all users' last login date

Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we ne...
Azure Active Directory (AAD)
Staniko's avatar
Staniko
Copper Contributor
Jul 29, 2021

JakobRohde this is a classic Microsoft 365 housekeeping task and question. A pity Microsoft is not offering something out of the box.

 

I would suggest following Powershell script, which returns not only your users last login date as CSV file, but also assigned licenses. This way you may check whether there is someone not logging in and consuming licenses.

 

 

 

Install-Module AzureADPreview -AllowClobber -Force

Connect-AzureAD

$usersexport = [system.collections.arraylist]@()

Get-AzureADUser | % {
    $User = $_
    $UPN = $User.UserPrincipalName
    
    Write-Output "Start analysing $UPN"

    $LoginTime = Get-AzureAdAuditSigninLogs -top 1 -filter "userprincipalname eq '$UPN'" | select CreatedDateTime
    $Licenses = Get-AzureADUserLicenseDetail -ObjectId $User.ObjectId | % { $_.ServicePlans | Where {$_.AppliesTo -eq "User"}} | select -ExpandProperty ServicePlanName
    
    $Export = [pscustomobject]@{
        'DisplayName' = $User.DisplayName; 
        'UserPrincipalName' = $UPN;
        'LastSignInDate' = $LoginTime.CreatedDateTime;
        'Licenses' = $Licenses -join ",";
    }
    
    $usersexport.Add($Export)
    
    Write-Output $Export
}
$usersexport | Export-CSV $Home\LastLogonDate.csv

 

 

 

  • Michele_Formica's avatar
    Michele_Formica
    Copper Contributor
    Mar 29, 2023

    Staniko 

     

    i tried this script and it works very well thanks. But I have a problem the results stop after about 100 users. 

  • Joe_Ghaleb's avatar
    Joe_Ghaleb
    Copper Contributor
    Mar 24, 2023
    i ran the script but it's giving me empty results on the LastSignInDate, do you know why this is happening?
  • Dia_2's avatar
    Dia_2
    Copper Contributor
    Apr 25, 2022
    This is great! how would you set the script to run aganst a specific dynamic cloud security group?
  • jjdmsgc's avatar
    jjdmsgc
    Copper Contributor
    Aug 12, 2021

    Staniko 

    Thank you for the above, looks exactly what I need but am getting the following error when running an elevated ISE PowerShell window:

     

    Get-AzureAdAuditSigninLogs : The term 'Get-AzureAdAuditSigninLogs' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
    again.
    At line:9 char:18
    + $LoginTime = Get-AzureAdAuditSigninLogs -top 1 -filter "userprinc ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Get-AzureAdAuditSigninLogs:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    Any ideas? 🙂

    • BasSterkenburg's avatar
      BasSterkenburg
      Copper Contributor
      Aug 26, 2021

      Found on a Github post:
      So solution was to restart Powershell and login to Azure AD using Connect-AzureAD from AzureADPreview module:

      AzureADPreview\Connect-AzureAD


      After that cmdlet became available.

      • Deleted's avatar
        Deleted
        Aug 31, 2021

        Get-AzureADAuditSignInLogs returns the events from the last month only, doesn't it? 

    • Staniko's avatar
      Staniko
      Copper Contributor
      Aug 12, 2021

      jjdmsgc Did the module install correctly? Did you run Powershell as admin? What does the command  

      Install-Module AzureADPreview -AllowClobber -Force

       return? 

      • jjdmsgc's avatar
        jjdmsgc
        Copper Contributor
        Aug 12, 2021
        Ran and installed fine, then signed in with a global admin account for the tenancy I want to run it on and script fails on that line.

        When I remove that line it runs and exports the information minus the login info etc. so problem is local to that line! 😞 Thank you for the swift reply.

Resources