I heard from a lot of our customers are asking for this - like the good old days we were tracking the "last logon event" 😉
Here is my take - leverage on the event goldmine Directory Insights (the user & admin events) via the JC pwsh module of course.
The Use Case
- Get the last user activities for all and generate a report in CSV format - for the past X number of days.
- Get an insight of the users who don't have activity (for the past 30 days i.e.) - especially in the context of the remote working culture as the new norm.
Here is code
# Connect to your JC tenant
Connect-jconline -JumpCloudApiKey "your-api-key"
# Building the Report Object Container
$outputReport = @()
# Set the number of days you wanted to back track
$tracebackDays = 30
# Get all users with usernames only
$usernames = (Get-JCUser -returnProperties username).username
foreach ($u in $usernames){
$report = "" | select username,geoip,service,success,client_ip,timestamp,details,event_type,useragent
# Callin JC DI and back tracking the days defined above
$loginEvent = Get-JCEvent -Service:('all') -StartTime:((Get-date).AddDays(-$tracebackDays))`
-SearchTermAnd @{"initiated_by.username" = $u} -ErrorAction SilentlyContinue |`
sort-object -Descending $_.timestamp -Bottom 1
$report.username = $u
$report.timestamp = "n.a."
$report.details = "user has no activity for the past $tracebackDays days "
if ($null -ne $loginEvent){
$report.geoip = $loginEvent.geoip
$report.service = $loginEvent.service
$report.success = $loginEvent.success
$report.client_ip = $loginEvent.client_ip
$report.timestamp = $loginEvent.timestamp
$report.details = $loginEvent.message
$report.event_type = $loginEvent.event_type
$report.useragent = $loginEvent.useragent
}
$outputReport += $report
}
$outputReport | export-csv lastUserActReport.csv
