Detecting inactive computers in your AD domain.

Use the LastLogonTimeStamp or the LastLogon Active Directory attribute.

If you are on a Windows 2003 Functional Domain or later, use LastLogonTimeStamp.  If you are on a Windows 2000 Functional Domain, you’re stuck with LastLogon (and a bit more work).

LastLogonTimeStamp.
This is how I got the LastLogonTimeStamp for all the computers in my domain, by using PowerShell and Quest’s Active Server Roles (free!) product.

  1. Start the ‘ActiveRoles Management Shell for Active Directory’ console
  2. Enter the following command string
    GET-QADCOMPUTER -SizeLimit 0 -IncludedProperties LastLogonTimeStamp | Select-Object Name, LastLogonTimeStamp, OSName, ParentContainerDN
  3. and then press Enter

Or if I want to dump it out to a CSV file, so I can look at it in Excel:
GET-QADCOMPUTER -SizeLimit 0 -IncludedProperties LastLogonTimeStamp | Select-Object Name, LastLogonTimeStamp, OSName, ParentContainerDN | Export-CSV 'c:\temp\Report.csv'

LastLogon
LastLogonTimeStamp isn’t available in a Windows 2000 Functional Domain, so you’re stuck with LastLogon, which does not replicate between domain controllers. This means you need to connect to each domain controller and extract the information (sigh).

First we connect to a known domain controller, let’s say FRED01, by entering the connect-QADService command on a command line:
connect-QADService -service 'FRED01'

Next we get the list of domain controllers in the FRED domain:
get-QADComputer -computerRole 'DomainController'

Name             Type            DN
----             ----            --
FRED18           computer        CN=FRED18,OU=Domain Controllers,DC=xxx
FRED01           computer        CN=FRED01,OU=Domain Controllers,DC=xxx
FRED19           computer        CN=FRED19,OU=Domain Controllers,DC=xxx

Now that we have the list of domain controllers, we need to connect to each domain controller:
connect-QADService -service 'FRED18'

and run the command to do the export from this domain controller to a CSV file
GET-QADCOMPUTER -SizeLimit 0 -IncludedProperties LastLogon | Select-Object Name, LastLogon, OSName, ParentContainerDN | Export-CSV 'c:\temp\FRED18.csv'

Notes:

  • The Export-CSV PowerShell cmdlet will overwrite your CSV if you re-run it.
    So change the report name for each different domain controller you connect to.
  • You need to connect to each domain controller to get all the LastLogon dates.
  • Yes, you could script this, and if I was doing it often, I would.
  • Yes, if you had Windows 2008 R2 or Windows 7 with RSAT, you could do this with the Active Directory Domain Services Cmdlets
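
Because LastLogon differs on every domain controller, the per-DC exports only become useful once they are merged. The following is an added example, not code from the original post: it takes the newest LastLogon per computer across the exports and lists computers with no logon inside the threshold. The function names, the 90-day threshold, the sample rows and the handling of both date strings and raw integer values in the LastLogon column are assumptions.

```powershell
# Added example, not from the original post. Function names are hypothetical.
function ConvertTo-LogonDate {
    param([string]$Value)
    # Empty: this DC has never authenticated the computer.
    if ([string]::IsNullOrEmpty($Value)) { return }
    # Assumption: a bare integer is the raw AD value (100 ns ticks since 1601).
    $ticks = 0L
    if ([long]::TryParse($Value, [ref]$ticks)) {
        if ($ticks -gt 0) { return [datetime]::FromFileTimeUtc($ticks) }
        return
    }
    # Assumption: anything else is a date string as written by Export-CSV.
    $date = [datetime]::MinValue
    if ([datetime]::TryParse($Value, [ref]$date)) { return $date }
}

function Get-StaleComputer {
    param([object[]]$Rows, [int]$Days = 90, [datetime]$Now = (Get-Date))
    $cutoff = $Now.AddDays(-$Days)
    $Rows | Group-Object Name | ForEach-Object {
        # LastLogon is not replicated: the real value is the newest any DC holds.
        $latest = $_.Group | ForEach-Object { ConvertTo-LogonDate $_.LastLogon } |
            Sort-Object -Descending | Select-Object -First 1
        if (-not $latest -or $latest -lt $cutoff) {
            New-Object PSObject -Property @{ Name = $_.Name; LastLogon = $latest } |
                Select-Object Name, LastLogon
        }
    }
}

# Constructed sample rows standing in for two per-DC exports; real input would be
# Import-Csv 'c:\temp\FRED18.csv', Import-Csv 'c:\temp\FRED19.csv', and so on.
$fred18 = @'
Name,LastLogon
PC-ALPHA,2024-05-20 09:12:00
PC-BRAVO,2023-11-02 14:40:00
PC-CHARLIE,
'@ | ConvertFrom-Csv
$fred19 = @'
Name,LastLogon
PC-ALPHA,2023-12-01 08:00:00
PC-BRAVO,2024-05-28 07:55:00
PC-CHARLIE,
PC-DELTA,133400000000000000
'@ | ConvertFrom-Csv

# PC-BRAVO's newest logon is held by FRED19, so FRED18's export alone understates it.
Get-StaleComputer -Rows (@($fred18) + @($fred19)) -Days 90 -Now ([datetime]'2024-06-01')
```

A computer with an empty LastLogon on every domain controller is reported with a blank date, so accounts that never logged on can be reviewed separately from ones that went quiet.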
