Solved

How to find old computers in Active Directory using Powershell

Posted on 2011-03-18
5
1,307 Views
Last Modified: 2012-05-11
I need to find computers that haven't been used in a while in AD on a Windows 2008 R2 DC. Let's say 30 days. How would I go about listing all of those computers in alphabetical order?
0
Comment
Question by:Greg27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 27

Expert Comment

by:KenMcF
ID: 35167402
You can use the 2008R2 AD cmdlets and do something like this

$d = [DateTime]::Today.AddDays(-30)
Get-ADComputer -Filter 'PasswordLastSet -ge $d' -Properties PasswordLastSet | FT Name,PasswordLastSet
0
 

Author Comment

by:Greg27
ID: 35167483
This is showing me all computers and the last password date set on it. I really need a list of all computers that haven't been logged into for at least 30 days. I have a feeling I have some computers listed in AD that no longer exist on my network. Thanks.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 100 total points
ID: 35167564
If these computers are active on the network it will be difficult to get the last time a user logged onto it. You will need to query the audit logs. If these computers are not on the network there are a few attributes you can look at. passwordlastset, Lastlogon, and lastLogonTimeStamp. There are other utilies as well, one I like is oldcmp.exe from joeware.net and the Quest AD cmdlets

get-qadcomputer -Notloggedonfor 30
get-qadcomputer -inactivefor 30


This is what the switches look for

    - The number of days that the account remains in the expired state
    - The number of days that the password of the account remains unchanged
    - The number of days that the account remains unused for logon
0
 
LVL 5

Accepted Solution

by:
sweeps earned 400 total points
ID: 35167628
The best way is to use a program (its free and works great).....

http://cjwdev.wordpress.com/category/ad-tidy/ 

you can set it down to which ou, user or computer, you can export a list, you can have it ping what it thinks is old comp to make sure they are not online.   you can disable or delete in the the program..

awesome program,  have used it for 3 months now.
0
 

Author Closing Comment

by:Greg27
ID: 35323946
Thanks for the help! I ended up giving the most points to sweeps because that is the tool I used and I don't have the Quest AD cmdlets since I am running Powershell 2 with the AD cmdlets built-in.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is intended as a guide to using PowerShell as a more versatile and reliable form of application detection in SCCM.
Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question