Logon Duration in Active DirectoryLocked
I have several users at my organization that stay logged in constantly, they never logout even though we have told them to. The problem is that when their password expires after 90 days, they don’t get prompted to change it. I want to be able to run a script of some type that would find the logon duration, and if it is over 76 days (14 days to change their password), spit out a report, or log them off or something. I know AD has a LastLogon attribute, but that would look the same if the person had logged on three weeks ago and logged off, or logged on and stayed logged on. Does anyone know of a way to calculate or display the Logon Duration in Active Directory?