1 min to read

Getting Last LoggedOn User Account in Exchange Online Mailbox

Featured image

The attribute “LastLoggedOnUserAccount” holds the user account that last logged in to the particular mailbox. This parameter is returned for the cmdlet “Get-MailboxStatistics”.

But this attribute is deprecated in Exchange Online. You can notice in the below screen-shot that the value is empty for this attribute.

In this article, we shall check how to get the last logged on user account on exchange online mailboxes using Search-MailboxAuditLog” exchange online cmdlet.

Get last logged on user for particular mailbox: The below script get the get the last logged on user account for the mailbox alexd@xxxx.onmicrosoft.com.

``` {.black style=”overflow:auto;”} $UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection Import-PSSession $Session

Search-MailboxAuditLog -StartDate ([system.DateTime]::Now.AddDays(-30)) -EndDate ([system.DateTime]::Now.AddDays(+2)) -Operations MailboxLogin,FolderBind -Identity alexd@xxxx.onmicrosoft.com -ShowDetails -First 1 select Operation,LogonType,MailboxOwnerUPN,LogonUserDisplayName,LastAccessed 

In this script we are,
 1. Collect all the particular mailbox audit logs for the events
MailboxLogin and FolderBind for past 30 days
 2. Already the generated are sorted, we are just picking the latest
audit log event, which holds the last logged on user account on that
mailbox

The event MailboxLogin is generated when mailbox owner logged into his
mailbox. The event FolderBind is generated when non-owner(admin or
delegate) accessed the mailbox.

For information on Exchange mailbox auditing and the about generated
events refer:

[https://technet.microsoft.com/en-us/library/ff459237(v=exchg.160).aspx](https://technet.microsoft.com/en-us/library/ff459237(v=exchg.160).aspx)

**Get last logged on user for all the mailboxes:**
 The below script get the get the last logged on user account for all
the mailboxes in the tenant

``` {.black style="overflow:auto;"}
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic-
AllowRedirection
Import-PSSession $Session
 
$mailboxs = Get-MailBox 
$mailboxs | Foreach-Object{
$mailbox=$_
 
Search-MailboxAuditLog -StartDate ([system.DateTime]::Now.AddDays(-30)) -EndDate ([system.DateTime]::Now.AddDays(+2)) -Operations MailboxLogin,FolderBind -Identity $mailbox.UserPrincipalName  -ShowDetails|select Operation,LogonType,MailboxOwnerUPN,LogonUserDisplayName,LastAccessed -First 1
}
#Office 365 #Exchange Online