Sep 22 2017
01:51 AM
- last edited on
Jan 14 2022
05:29 PM
by
TechCommunityAP
Sep 22 2017
01:51 AM
- last edited on
Jan 14 2022
05:29 PM
by
TechCommunityAP
Is it possible, using PowerShell, to list all AAD users' last login date (no matter how they logged in)? I have found a couple of scripts that check the last mailbox login, but that is not what we need, because we also want to list unlicensed users.
May 02 2020 07:24 AM
May 05 2020 01:01 AM
@Robert Bollinger How to get this out in a CSV?
Jun 08 2020 08:14 AM
Trying to sing in to Graph Explorer and get an error:
Sorry, but we’re having trouble signing you in.
Jun 08 2020 08:18 AM
Jun 08 2020 08:40 AM
I'm having this issue ever since they GAd the "preview" version, even opened a GitHub issue on it. Removing/reconsenting to the explorer app did nothing in my case, and moreover why the hell should case sensitivity matter... Programmers! :)
Jun 09 2020 04:12 AM
Yes, first time trying to login. i'm one and only Global Admin at my tenant. Can this issue be connected to tenant type? I mean does it matter Corporate licence or Personal licence tenant belong to?
Jun 09 2020 05:07 AM
It shouldn't matter.
But the fact that @Vasil Michev has the same issue, suggests that it's a global issue.
Vasil, could you link the Github issue you created please?
Maybe aero can share his experience as well
Jun 09 2020 09:37 AM
Nobody bothered to even look at it for 20 days, but sure: https://github.com/microsoftgraph/microsoft-graph-explorer/issues/422
Jan 08 2021 05:26 AM
Jul 29 2021 08:33 AM - edited Jul 29 2021 08:37 AM
@Jakob Rohde this is a classic Microsoft 365 housekeeping task and question. A pity Microsoft is not offering something out of the box.
I would suggest following Powershell script, which returns not only your users last login date as CSV file, but also assigned licenses. This way you may check whether there is someone not logging in and consuming licenses.
Install-Module AzureADPreview -AllowClobber -Force
Connect-AzureAD
$usersexport = [system.collections.arraylist]@()
Get-AzureADUser | % {
$User = $_
$UPN = $User.UserPrincipalName
Write-Output "Start analysing $UPN"
$LoginTime = Get-AzureAdAuditSigninLogs -top 1 -filter "userprincipalname eq '$UPN'" | select CreatedDateTime
$Licenses = Get-AzureADUserLicenseDetail -ObjectId $User.ObjectId | % { $_.ServicePlans | Where {$_.AppliesTo -eq "User"}} | select -ExpandProperty ServicePlanName
$Export = [pscustomobject]@{
'DisplayName' = $User.DisplayName;
'UserPrincipalName' = $UPN;
'LastSignInDate' = $LoginTime.CreatedDateTime;
'Licenses' = $Licenses -join ",";
}
$usersexport.Add($Export)
Write-Output $Export
}
$usersexport | Export-CSV $Home\LastLogonDate.csv
Aug 12 2021 02:28 AM
@Staniko
Thank you for the above, looks exactly what I need but am getting the following error when running an elevated ISE PowerShell window:
Get-AzureAdAuditSigninLogs : The term 'Get-AzureAdAuditSigninLogs' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try
again.
At line:9 char:18
+ $LoginTime = Get-AzureAdAuditSigninLogs -top 1 -filter "userprinc ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-AzureAdAuditSigninLogs:String) [], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
Any ideas? :)
Aug 12 2021 02:34 AM
@jjdmsgc Did the module install correctly? Did you run Powershell as admin? What does the command
Install-Module AzureADPreview -AllowClobber -Force
return?
Aug 12 2021 02:40 AM
Aug 13 2021 05:15 AM
@jjdmsgc seems to be an ISE issue, try it with the normal powershell window.
The command reference, just in case:
Aug 26 2021 06:55 AM - edited Aug 26 2021 06:57 AM
Found on a Github post:
So solution was to restart Powershell and login to Azure AD using Connect-AzureAD from AzureADPreview module:
AzureADPreview\Connect-AzureAD
After that cmdlet became available.
Aug 31 2021 11:00 AM
Get-AzureADAuditSignInLogs returns the events from the last month only, doesn't it?
Aug 31 2021 09:25 PM
@Deleted Well upon checking I noticed that even accounts which for sure where logged in the last month where noted without an last sign-in date in the output.
So after more searching I'm now using the solution found on : GitHub - mzmaili/Get-AzureADUsersLastSignIn: Get-AADUserLastSignIn.ps1 is a PowerShell script retrieves Azure AD users with their last sign in date.
It's also faster and gives me the correct data i'm looking for.
Dec 29 2021 02:03 AM
Dec 29 2021 02:19 AM
Dec 29 2021 02:21 AM