You all know about lastlogontimestamp, and how AD replicates logon data in a lazy way. As a result, when you want to know the last logon for a user, you need to query all the domain controllers in your Active Directory domain. I found a script by Ahmed Malek on TechNet, but felt that his way of enumerating domains was much too slow for our large forest. After some experimenting, I found this to be the fastest way to get DCs in our domain:

    #Requires -Modules ActiveDirectory
    Import-Module ActiveDirectory

    # Use the domain's DNS name as the server, rather than a specific DC
    $adDomain = Get-ADDomain
    $ADRoot = $adDomain.DNSRoot

    # List the enabled domain controllers in the domain
    $DomainControllers = Get-ADDomainController -Server $ADRoot -Filter {Enabled -eq $true} |
        Select-Object -Property HostName
    $DomainControllers

The key in the code above is using the DNS domain name as the server name. I also made some changes in default values, and added the ability to send the data to the clipboard. This is not fancy stuff, just a quick and useful way to get a user's last domain logon. The result is Get-LastDomainLogon.ps1.
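
The per-DC query that the DC list above feeds into, as an added example; it is not the Get-LastDomainLogon.ps1 script or Ahmed Malek's original. It reads the non-replicated lastLogon attribute from each domain controller and keeps the newest value. The function name Get-LatestLogonAcrossDCs and its output property names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added illustration: function and property names are hypothetical.
function Get-LatestLogonAcrossDCs {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Identity
    )

    # Same DC enumeration as above: the DNS domain name is the server
    $adRoot = (Get-ADDomain).DNSRoot
    $dcs = Get-ADDomainController -Server $adRoot -Filter {Enabled -eq $true}

    $results = foreach ($dc in $dcs) {
        try {
            # lastLogon is written only on the DC that handled the logon
            $user = Get-ADUser -Identity $Identity -Server $dc.HostName `
                -Properties lastLogon -ErrorAction Stop
            # Stored as a FILETIME; 0 or empty means no logon seen by this DC
            $when = if ($user.lastLogon -gt 0) {
                [DateTime]::FromFileTimeUtc($user.lastLogon)
            } else { $null }
            [pscustomobject]@{
                DomainController = $dc.HostName; LastLogonUtc = $when; Error = $null
            }
        }
        catch {
            # Keep the failure: a DC that did not answer may hold the newest logon
            [pscustomobject]@{
                DomainController = $dc.HostName; LastLogonUtc = $null
                Error = $_.Exception.Message
            }
        }
    }

    $latest = $results | Where-Object LastLogonUtc |
        Sort-Object LastLogonUtc -Descending | Select-Object -First 1

    [pscustomobject]@{
        Identity         = $Identity
        LastLogonUtc     = $latest.LastLogonUtc
        DomainController = $latest.DomainController
        FailedDCs        = @($results | Where-Object Error | ForEach-Object DomainController)
    }
}
```

A non-empty FailedDCs list means the reported time is a lower bound rather than the definitive last logon.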