PC last used report

Do any of the AD PowerShell cmdlets show any stats on the last time the device was used/communicated with the domain?

I need a report for all machines showing status, PC name, and last used dates, output to CSV. Can anyone assist?

Well, all PCs on the domain contact the DC to sync time every 60 mins by default. As such, the "last used" date will be no greater than 60 mins, worst case.

There are details to changing this update behavior, but assuming you haven't changed it, then it is moot. The answer is the PCs are always communicating with the domain.


If you want to clean up your domain, this is the script you need.

If you want it for all computers, just replace 90 with 9000 in the $DaysInactive = 90, assuming that your domain isn't 25 years old.

btan (Exec Consultant) Commented:
Thinking this out further, to be really accurate you would sniff and also look at the whole network log trail, not only at the endpoint but also at the network devices on the routes to AD. A good source is the FW or router fronting the AD, or any SIEM or log collector for all the org app/sys/security logs. Others are more login-based and can be gathered more quickly, based on events like login, file sharing etc. from each endpoint (src to AD and vice versa)...

a) LastActivityView at endpoint or AD itself - minimally to ascertain any file movement with AD or computer shares etc., and also to make sure it is as claimed if the audit trail of user logins is retrieved from AD

b) SimpleWMIView at endpoint or AD itself - similarly, a quick check if there are WMI calls to AD or computer comms (where likely)

c) PsLogList at endpoint or AD itself - gather the event log for specific event IDs (like login as well) to be comprehensive

PowerShell (Active Directory Module for Windows PowerShell)
e.g. Get-Help *computer* to give a list of possible commands to tap on
> Get-ADComputer (like Get-ADComputer -Identity "COMPUTERHOSTNAME-SBS" -Properties *) and look at "LastLogonDate" to find out the last logon date for the computers in Active Directory.

e.g. Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt
OR this, based on the last "xx" number of days
So now we can specify a date xx days ago; all we need to do is compare this to the last logon data to give us our list of computer accounts we are interested in working with. I’ve changed the order of -Properties and -Filter because it makes more sense to me logically,
$datecutoff = (Get-Date).AddDays(-365)
Get-ADComputer  -Properties LastLogonDate -Filter {LastLogonDate -lt $datecutoff} | Sort LastLogonDate | FT Name, LastLogonDate -Autosize
Aaron Tomosky (SD-WAN Simplified) Commented:
For all domain-joined machines and users, adtidy is a great simple GUI
btan (Exec Consultant) Commented:
Probably to sum up for PowerShell
Import-Module ActiveDirectory

# get today's date
$today = Get-Date

#Get today - 60 days (2 month old)
$cutoffdate = $today.AddDays(-60)

#Get the computer accounts filtered by lastlogondate.
# Select only required properties of the computer account
# and export it to a file
Get-ADComputer  -Properties * -Filter {LastLogonDate -gt $cutoffdate} `
| Select Name,OperatingSystem,OperatingSystemVersion, `
LastLogonDate,CanonicalName | Export-Csv ./ActiveComputers.csv -NoTypeInformation



I also see this PS as handy, which allows you, as stated,
to manage sessions and processes on local or remote machines. It allows you to Query/Disconnect/Stop session(s), Query/Stop process(es) and send an interactive message to one or more sessions
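
Added example, not part of the original thread or any poster's script: the report the question asks for (status, PC name, last-used date, CSV), built from the replicated lastLogonTimestamp attribute that Get-ADComputer surfaces as LastLogonDate. The function name, sample rows and output path are assumptions made for illustration; the sample rows are constructed so the block runs without a domain.

```powershell
# Added example. ConvertTo-ComputerUsageReport is a hypothetical helper name.
function ConvertTo-ComputerUsageReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [int] $DaysInactive = 90,           # same default threshold the thread mentions
        [datetime] $Now = (Get-Date)
    )
    process {
        # lastLogonTimestamp is a FILETIME (100 ns ticks since 1601-01-01 UTC).
        # Empty or 0 means the account has never logged on to the domain.
        $raw  = [int64]($Computer.lastLogonTimestamp)
        $last = if ($raw -gt 0) { [datetime]::FromFileTimeUtc($raw) } else { $null }
        $age  = if ($last) {
            [int][math]::Floor(($Now.ToUniversalTime() - $last).TotalDays)
        } else { $null }

        [pscustomobject]@{
            Name           = $Computer.Name
            Status         = if ($Computer.Enabled) { 'Enabled' } else { 'Disabled' }
            LastLogonUtc   = $last
            DaysSinceLogon = $age
            # Never-used accounts are flagged too: they are the easiest to forget.
            Stale          = (-not $last) -or ($age -ge $DaysInactive)
        }
    }
}

# Constructed sample rows shaped like Get-ADComputer output (hypothetical names).
$now = Get-Date
$sample = @(
    [pscustomobject]@{ Name = 'WS-001'; Enabled = $true;  lastLogonTimestamp = $now.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-002'; Enabled = $true;  lastLogonTimestamp = $now.AddDays(-200).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-003'; Enabled = $false; lastLogonTimestamp = $null }
)

# Against a live domain, replace $sample with:
#   Get-ADComputer -Filter * -Properties lastLogonTimestamp
$sample |
    ConvertTo-ComputerUsageReport -DaysInactive 90 -Now $now |
    Sort-Object LastLogonUtc |
    Export-Csv -Path .\ComputerLastUsed.csv -NoTypeInformation
```

By default lastLogonTimestamp is only refreshed when the stored value is roughly 9 to 14 days old, so treat the dates as accurate to about two weeks and keep the threshold well above that.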