Find Users who Have Never Logged into Active Directory

Sometimes in the course of IT business, user accounts get created in your directory that never get used and are forgotten. Objects in your directory that aren't receiving attention are security risks, especially if these accounts have elevated privileges. One way to find user objects that were created but never used is to query your directory for users who have never logged in.

Find Users Who Have Never Logged into Active Directory Using PowerShell

When you run the following script on your server, it will fetch users who have never logged in on a particular domain. With a little bit of effort, you could do this for multiple domains and/or export the results to a CSV, HTML file, or send it in an email.

One important part of this method is to filter on the "isCriticalSystemObject" attribute in Active Directory. Active Directory contains critical user objects (such as the built-in accounts) that exist but are never meant to log in, so it's preferable to leave them out of your results. As the name of the attribute suggests, these objects are critical and generally shouldn't be edited.

Method #1:

# Query the directory directly with an LDAP filter. This excludes critical system objects
# and keeps only accounts whose lastLogon is 0 or absent on the domain controller queried.
Import-Module ActiveDirectory
Get-ADUser -LDAPFilter "(&(objectCategory=person)(objectClass=user)(!(isCriticalSystemObject=TRUE))(|(lastLogon=0)(!(lastLogon=*))))"

Method #2:

# Same idea using the PowerShell filter syntax and the replicated lastLogonTimestamp attribute.
Import-Module ActiveDirectory
Get-ADUser -Filter { -not (lastLogonTimestamp -like "*") -and -not (isCriticalSystemObject -eq $true) }

You might also want to run these commands under a dedicated service account (the "-Credential" parameter on the PowerShell cmdlets) so the query uses an account whose rights you control. There are several other methods that don't require RSAT (and the "ActiveDirectory" module), but these are the most convenient techniques to start with.
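The post mentions extending this to multiple domains and exporting to CSV. The following is an added example (not code from the original post or from Web Active Directory) that does exactly that: it walks every domain in the forest, applies the same critical-object exclusion, and adds fields that help prioritise review, such as account age, enabled state, and AdminCount. It assumes the ActiveDirectory module, a credential with read access to each domain, and an output path ($ReportPath) that you would change.

```powershell
# Added example: report never-logged-in users across all domains in the forest.
# Assumes RSAT / the ActiveDirectory module; $ReportPath and $Credential are assumptions.
Import-Module ActiveDirectory

$ReportPath = "C:\Reports\NeverLoggedIn.csv"   # assumed output location
$Credential = Get-Credential                   # dedicated read-only reporting account

# Caveat: lastLogon is NOT replicated, so it only reflects the DC you query.
# lastLogonTimestamp IS replicated (updated at most every ~14 days), so an empty
# value forest-wide is the stronger "never logged in" signal. The filter below
# requires both to be absent/zero and excludes critical system objects.
$Filter = "(&(objectCategory=person)(objectClass=user)(!(isCriticalSystemObject=TRUE))" +
          "(!(lastLogonTimestamp=*))(|(lastLogon=0)(!(lastLogon=*))))"

$Properties = 'whenCreated', 'PasswordLastSet', 'AdminCount', 'MemberOf', 'Description'

$Results = foreach ($Domain in (Get-ADForest -Credential $Credential).Domains) {
    # Pick one reachable DC in this domain to query.
    $Server = (Get-ADDomainController -DomainName $Domain -Discover).HostName |
              Select-Object -First 1

    Get-ADUser -LDAPFilter $Filter -Server $Server -Credential $Credential -Properties $Properties |
        ForEach-Object {
            [pscustomobject]@{
                Domain          = $Domain
                SamAccountName  = $_.SamAccountName
                Enabled         = $_.Enabled
                Created         = $_.whenCreated
                AgeDays         = [int]((Get-Date) - $_.whenCreated).TotalDays
                PasswordLastSet = $_.PasswordLastSet
                AdminCount      = $_.AdminCount          # 1 = protected by AdminSDHolder
                GroupCount      = @($_.MemberOf).Count   # rough measure of granted access
                Description     = $_.Description
            }
        }
}

# Privileged and oldest unused accounts first, then write the CSV for review.
$Results | Sort-Object AdminCount, AgeDays -Descending |
    Export-Csv -Path $ReportPath -NoTypeInformation
```

Accounts with AdminCount = 1, or that are enabled and old, are the ones to review first; disabling an unused enabled account is generally safer than deleting it outright.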

Web Active Directory’s PeopleAudit

Web Active Directory’s PeopleAudit allows you to run a report like this on demand or delegate it safely for others in your organization to run via their web browser. Users can filter and sort the results on the fly, and with a single button press print the results or export to your clipboard, PDF, Excel, or CSV.

Safely and securely specify the service account to use to perform the reporting tasks. Customize the report results and filters without scripting or coding.

You can also schedule these reports to be delivered to you or others in your organization via emails that you can configure.