Does a windows server "login" or check into active directory?

We are trying to determine if some of our windows are being used or not. I was hoping there is a way to check in AD for the last login time-stamp or some way that the server will login or check into AD.

Is there any such way to determine if the server if actively logging into AD?
rdefinoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
You need to enable auditing in the server going forward to determine this. Without auditing, I do not think you can accurately determine this.
0
rdefinoAuthor Commented:
So you mean enable it on all the servers that I need to pull this info for?  Once it's enabled, what will that produce? What would I look for to determine this?
0
JohnBusiness Consultant (Owner)Commented:
I think you need to enable auditing on every server logged into. Here is a TechNet article that discusses audit log findings

https://technet.microsoft.com/en-us/library/cc787567%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

ManieyaK_Citrix Systems / Network AdminCommented:
You should only need to enable auditing on the main DC, where AD is installed, no matter which server is logged into it will always go back to authenticate with Kerberos.  There should also be a section under each user account in AD that shows the last time the account authenticated.
0
deroodeSystems AdministratorCommented:
In Active Directory Users and Computers, make sure you have View - Advanced Features checked; Then find the server object, and on the Object tab you can see the date that the server object is created and also the date Modified, which is usually the last time the server has been restarted; When restarting a server it will log into Active Directory, thus updating the Modified date;
0
rdefinoAuthor Commented:
Is there any other reason the "Modified date" would change other than a reboot?
0
deroodeSystems AdministratorCommented:
Yes. For example if one of your system admins moves a computer object to a different OU the modified date will change. I'm not aware of anything the server itself can do to change the modified date exept for rebooting...
0
rdefinoAuthor Commented:
So any idea what attribute I could use to determine if a system is being used or just sitting there? I was thinking the lastlogin time stamp. I have a report toll that will look at every DC and take the newest timestamp for each system. But I;'m not sure what caused the lastlogin time stamp to get modified and if it's a good way to good to determine what system are used or not.
0
deroodeSystems AdministratorCommented:
Well, if you do not want the time the server is logging in into AD, but the time any users are logging in to the server you will need auditing as John Hurst suggested.
0
JohnBusiness Consultant (Owner)Commented:
@rdefino - Thanks and good luck with implementing server auditing.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.