• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 200
  • Last Modified:

PC last used report

Do any of the AD powershell cmdlets show any stats on the last time the device was used/communicated with the domain?

I need a report for all machines showing status, PC name, and last used dates, output to CSV. Can anyone assist?
0
pma111
Asked:
pma111
4 Solutions
 
DavidPresidentCommented:
Well,  all PCs on the domain contact the DC to sync time every 60 mins by default.  As such, the "last used" date  will be no greater than 60 mins, worst case.

There are details to changing this update behavior, but assuming you haven't changed it, then it is moot. The answer is the PCs are always communicating with the domain.

http://support.microsoft.com/kb/816042
0
 
dan_blagutCommented:
hello
if you want to cleanup your domain this is the script you need
https://gallery.technet.microsoft.com/scriptcenter/Get-Inactive-Computer-in-54feafde

if you want for all computers, just replace 90 with 9000 n the $DaysInactive = 90 , assuming that your domain isn't 25 years old.

Dan
0
 
btanExec ConsultantCommented:
Thinking out further as to really be accurate is to sniff and also look at all the network log trail not only at endpoint but at the network devices in the routes to AD too. A good source is the FW, router fronting the AD or any SIEMS or log collector for all the org app/sys/security log....others are more of login that can be gathered more quickly can be based on event like login, file sharing etc from each endpoint (src and AD vice versa)...

a) LastActivityView at endpoint  or AD itself - minimally to ascertain any files movement with AD or Computer shares etc. also to make sure it is as it claimed if audit trail of user login is retrieved from AD
http://www.nirsoft.net/utils/computer_activity_view.html

b) SimpleWMIView at endpoint or AD itself - Similarly, quick check if there is WMI calls to AD or Computer comms (where likely)
http://www.nirsoft.net/utils/simple_wmi_view.html

c) PsLogList at endpoint or AD itself  - Gather event log for specific event id (like login as well) to be comprehensive
https://technet.microsoft.com/en-us/sysinternals/bb897544

Powershell (Active Directory Module for Windows PowerShell )
eg. Get-Help *computer* to give a list of command possible and possibly tap on
> Get-ADComputer (like Get-ADComputer -Identity "COMPUTERHOSTNAME-SBS" -Properties *) and look at "LastLogonDate" to find out the last logon date for the computers in Active Directory.

e.g. Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt
OR this based on last no of "xx" days
So now we can specify a date xx days ago, all we need to do it compare this to the last logon data to give us out list of computer accounts we are interested in working with. I’ve changed the order of -Properties and -Filter because it makes more sense to me logically,
 
$datecutoff = (Get-Date).AddDays(-365)
 
Get-ADComputer  -Properties LastLogonDate -Filter {LastLogonDate -lt $datecutoff} | Sort LastLogonDate | FT Name, LastLogonDate -Autosize
http://oxfordsbsguy.com/2014/11/20/powershell-get-adcomputer-to-retrieve-computer-last-logon-date-and-disable-them-part-2/
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
For all domain joined machines and users,  adtidy is great simple gui
http://www.cjwdev.com/Software/ADTidy/Info.html
0
 
btanExec ConsultantCommented:
Probably to sum up for powershell
Import-Module ActiveDirectory

# get today's date
$today = Get-Date

#Get today - 60 days (2 month old)
$cutoffdate = $today.AddDays(-60)

#Get the computer accounts filtered by lastlogondate.
# Select only required properties of the computer account
# and export it to a file
Get-ADComputer  -Properties * -Filter {LastLogonDate -gt $cutoffdate} `
| Select Name,OperatingSystem,OperatingSystemVersion, `
LastLogonDate,CanonicalName | Export-Csv ./ActiveComputers.csv

Open in new window

http://anandthearchitect.com/2012/03/29/powershell-list-active-computers-from-active-directory/

I see this PS also handy which allow you to as stated
to manage Sessions and Processes on local or remote machines. It allows you to Query/Disconnect/Stop session(s), Query/Stop process(es) and Send Interactive message to one or more sessions
http://www.lazywinadmin.com/2014/10/powershell-gui-lazyts-terminal-services.html
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now