Find AD Users who never logged on using Powershell
We can use the Active Directory powershell cmdlet Get-ADUser to query users from AD. We can find and get a list of AD users who never logged in at least one time by checking the AD attribute value lastlogontimestamp . The below command lists all users who never logged on. Get-ADUser -Filter {(lastlogontimestamp -notlike "*")} | Select Name,DistinguishedName If you want to list only enabled ad users, you can add one more check in the above filter. Get-ADUser -Filter {(lastlogontimestamp -notlike "*") -and (enabled -eq $true)} | Select Name,DistinguishedName If you are familiar with LDAP filter you can also find never logged in users by using ldap filter. Get-ADUser -ldapfilter '(&(!lastlogontimestamp=*)(!useraccountcontrol:1.2.840.113556.1.4.803:=2))' | Select Name,DistinguishedName In most cases, we may want to find AD users who created in last certain days or months and not logged in their system. To achieve this, we need to fi...