< Back
Get-LogonCache
Post
NAME Get-LogonCache
SYNOPSIS
Returns the Active Directory account names that are stored in this computer's logon cache.
SYNTAX
Get-LogonCache [[-Invalid] <Boolean>] [[-LookupDomain] <String>] [<CommonParameters>]
DESCRIPTION
The Get-LogonCache function looks at the registry of the local computer to find what (if any) domain logons are
stored in the logon cache, and what time they were last cached.
The relative account IDs (RIDs) returned may be translated into account names by specifying a -LookupDomain .
PARAMETERS
-Invalid <Boolean>
Cache slots that are empty or marked as Invalid can be returned with -Invalid $true. Invalid entries are not
"seen" by winlogon and might as well not exist, but can sometimes contain interesting vestigial information.
Required? false
Position? 1
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-LookupDomain <String>
Look up Account name RIDs on the specified Active Directory domain.
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
(c) 2016 Collective Software, LLC
You need to run this function as a member of the local Administrators group, in order to be allowed to see the
registry key where logon cache items are stored.
Technical Note: During normal operation, only the SYSTEM user has the right to read this key. This command
momentarily grants Administrators the right to read the key if necessary.
Known Limitation: This command does not decrypt the logon cache, so it cannot see the true domain associated
with each RID. This is why you must specify a -LookupDomain .
RELATED LINKS
http://CollectiveSoftware.com
SYNOPSIS
Returns the Active Directory account names that are stored in this computer's logon cache.
SYNTAX
Get-LogonCache [[-Invalid] <Boolean>] [[-LookupDomain] <String>] [<CommonParameters>]
DESCRIPTION
The Get-LogonCache function looks at the registry of the local computer to find what (if any) domain logons are
stored in the logon cache, and what time they were last cached.
The relative account IDs (RIDs) returned may be translated into account names by specifying a -LookupDomain .
PARAMETERS
-Invalid <Boolean>
Cache slots that are empty or marked as Invalid can be returned with -Invalid $true. Invalid entries are not
"seen" by winlogon and might as well not exist, but can sometimes contain interesting vestigial information.
Required? false
Position? 1
Default value False
Accept pipeline input? false
Accept wildcard characters? false
-LookupDomain <String>
Look up Account name RIDs on the specified Active Directory domain.
Required? false
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
NOTES
(c) 2016 Collective Software, LLC
You need to run this function as a member of the local Administrators group, in order to be allowed to see the
registry key where logon cache items are stored.
Technical Note: During normal operation, only the SYSTEM user has the right to read this key. This command
momentarily grants Administrators the right to read the key if necessary.
Known Limitation: This command does not decrypt the logon cache, so it cannot see the true domain associated
with each RID. This is why you must specify a -LookupDomain .
RELATED LINKS
http://CollectiveSoftware.com