PowerShell: Get last AD user login

This is a little more tricky than it looks. Last  login is only stored on the DC that last authenticated the user, hence you need to check every DC to get an accurate result.

Here is the solution in a nice little function:

function Get-LastADLogon {


Import-Module activedirectory 

$dcs = Get-ADDomainController -Filter {Name -like "*"}

$UserDeets = @()

foreach ($dc in $dcs)
    $UserDeets += Get-ADUser $UserName -Server $dc  | Get-ADObject -Properties lastLogon | select name, lastLogon

$UserDeets = ($UserDeets | Sort-Object -Property LastLogon)
return $UserDeets[-1]