Is it possible to get the date of a user's last login to AD if the user was deleted?

active-directory windows-domain

After STTR's very good explanations on how to get the dates of last login of existing (including disabled) AD users and how to retrieve the list of deleted users, One question remains.

Provided that logs are preserved long enough, is it possible to obtain the date when some particular deleted user logged in to AD for the last time? How?


Solution 1:

If you are running with Domain Functional Level 2008 and have Active Directory Recycle Bin enabled, this powershell command will work for accounts deleted in the last 6 months:

[datetime]::FromFileTime((Get-ADObject -Filter {SamAccountName -like "joeuser"} –IncludeDeletedObjects -prop *).lastLogonTimestamp)

Substitute the username for joeuser

Related

Automatically deny hacking attempts in CentOS?
curl can't connect; wget can
Separating two networks
Modify a large file, then be able to rollback changes doing it (almost) inplace
saving sessions on Chrome [closed]
Customizing device installation settings
MS Word: How do I format all change tracked text at once?
Modifying the Path environment variable is not working
Computer crashes every 2 to 10 minutes [duplicate]
How do I stop Notepad++ taking back file associations?
How to map “shift” key to “shift” + “capslock” using AutoHotkey?
How to tell Windows 7 NOT to search for LAN printers on start-up?