Remove -filter * and input only 03 DC's - powershell

I have to input only 03 domain controllers instead of filter all DC's. Can anyone help me to Input only 03 DC's in to this script

$DCs = Get-ADDomainController -Filter * | Select -ExpandProperty Name

$AllUsers = ForEach ($DC in $DCs)

{ Get-ADcomputer -Filter * -SearchBase "OU=computer,DC=xyz,DC=com" -Server $DC

}
$Users = @{}

ForEach ($User in $AllUsers)

{ If ($Users.ContainsKey($User.SamAccountName))

{ If ($Users[$User.SamAccountName].lastLogon -lt $User.lastLogon)

{ $Users[$User.SamAccountName].lastLogon = $User.lastLogon

}

}

Else

{ $Users.Add($User.SamAccountName,($User | Select SamAccountName,Name,lastLogon))

}

}
$Report = $Users.Values | Select Name,SamAccountName,@{Name="Last Logon Date";Expression={ If ($_.lastLogon) { [datetime]::FromFileTime($_.lastLogon) } Else { "None" }}}

$Report | Export-CSV C:\Scripts\LastLogonReport.csv -NoTypeInformation

Open in new window

LVL 3
SAM ITAD windows Admin Asked:
Who is Participating?
 
oBdAConnect With a Mentor Commented:
Main bug: you forgot to specify to retrieve the lastLogon attribute from AD; this is not one of the default attributes.
Then it's inefficient to first collect and store each and every user n times (with n = #DCs), and then process that array; process the last logon on the fly while looping through the DCs.
You should not use aliases (select, %, ?, ...) in scripts (use only when typing a quick command line).
And you should learn how to indent properly; makes it way easier to identify where/how deep nested you currently are.
Replace the first line with whatever DCs you want to query, based on the above.
$DCs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty Name

$ADObjects = @{}
ForEach ($DC in $DCs) {
	Write-Host "Processing logons at $($DC) ..."
	Get-ADComputer -Filter * -Property lastLogon -SearchBase "OU=computer,DC=xyz,DC=com" -Server $DC | ForEach-Object {
		If ($ADObjects.ContainsKey($_.SamAccountName)) {
			If ($ADObjects[$_.SamAccountName].LastLogon -lt $_.lastLogon) {
				$ADObjects[$_.SamAccountName].LastLogon = $_.lastLogon
				$ADObjects[$_.SamAccountName].LastLogonAt = $DC
			}
		} Else {
			$ADObjects.Add($_.SamAccountName, ($_ | Select-Object SamAccountName, Name, LastLogon, @{Name='LastLogonAt'; Expression={$DC}}))
		}
	}
}
$ADObjects.Values |
	Select-Object Name, SamAccountName, @{Name='Last Logon Date'; Expression={If ($_.lastLogon) {[datetime]::FromFileTime($_.lastLogon)} Else {'None'}}}, LastLogonAt |
	Export-CSV C:\Scripts\LastLogonReport.csv -NoTypeInformation

Open in new window

0
 
oBdACommented:
This should do the trick:
$DCs = Get-ADDomainController -Filter {operatingSystem -like '*Server 2003*'}

Open in new window

0
 
SAM ITAD windows Admin  Author Commented:
thanks obda.

partially helped. Is there  any way where we can define actual computer name for input?
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
oBdACommented:
With the -Identity argument (can be Name, SamAccountName, DN):
$DCs = Get-ADDomainController -Identity DC01

Open in new window

But since you're only using the expanded Name property anyway, you don't even need Get-ADDomainController for that. In the script above, you could just as well do something like
$DCs = 'DC01'

Open in new window

0
 
SAM ITAD windows Admin  Author Commented:
yup...last and final question for you obda.

I have customized the mentioned script...can you check is there any bugs in the script... based on your inputs , I can go ahead for script execution
0
 
SAM ITAD windows Admin  Author Commented:
Hello OBDA,

Script shared by you works fine, I have inputed 02 servers in the output I can see lastlogon from both the servers, can we output the latest timestamp for each object by comparing each input servers lastlogon information? so it help us to find the lastet logontime stamp from each object
0
 
oBdACommented:
That's what the script does - it collects the [/i]latest[/i] logon (and the DC where it occurred) for each AD object found.
0
 
SAM ITAD windows Admin  Author Commented:
I'm trying tell that, if script outputs data from 02 servers , script has to validate the lastest timestamp for adcomputer object from the both servers and output the lastest timestamp .

here in the output I can see server a and b with adcomputer last logon information . but I need only lasted  timestamp output. both input servers information not needed in the output
0
 
oBdACommented:
Again: this is exactly what the script does - it collects only(!) the latest logon date of each computer account from the DCs in the variable $DCs.
You will see each computer object found exactly once in the list, and the DC where the latest logon for this computer occurred.
Obviously, some of the computers will have their latest logon at one DC, and some at the other DC.
Name     SamAccountName Last Logon Date     LastLogonAt
----     -------------- ---------------     -----------
SERVER01 SERVER01$      02/05/2017 00:01:02 DC01
SERVER02 SERVER01$      02/05/2017 00:02:04 DC02

Open in new window


You will not, I repeat, not find logon dates for a single computer against each individual DC:
Name     SamAccountName Last Logon Date     LastLogonAt
----     -------------- ---------------     -----------
SERVER01 SERVER01$      02/05/2017 00:01:02 DC01
SERVER01 SERVER01$      02/05/2017 00:02:23 DC02
SERVER02 SERVER02$      02/05/2017 00:02:04 DC01
SERVER02 SERVER02$      02/05/2017 00:02:01 DC02

Open in new window

If you do get output like this, you changed the script.
0
 
SAM ITAD windows Admin  Author Commented:
I'm got the output as mentioned in the second update. but I haven't changed the script.

I have only replaced get- domain controller with DC name's .
0
 
SAM ITAD windows Admin  Author Commented:
yes. output should be each computer account latest last Logon information once in a list
0
 
oBdACommented:
Can't reproduce.
This is essentially the same as above, only that it'll sort the output by name and print the results to the console instead of a csv.
Save it as Whatever.ps1, and start it from a freshly opened PS console.
# $DCs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty Name
$DCs = 'DC01', 'DC02'

$ADObjects = @{}
ForEach ($DC in $DCs) {
	Write-Host "Processing logons at $($DC) ..."
	Get-ADComputer -Filter * -Property lastLogon -SearchBase "OU=computer,DC=xyz,DC=com" -Server $DC | ForEach-Object {
		If ($ADObjects.ContainsKey($_.SamAccountName)) {
			If ($ADObjects[$_.SamAccountName].LastLogon -lt $_.lastLogon) {
				$ADObjects[$_.SamAccountName].LastLogon = $_.lastLogon
				$ADObjects[$_.SamAccountName].LastLogonAt = $DC
			}
		} Else {
			$ADObjects.Add($_.SamAccountName, ($_ | Select-Object SamAccountName, Name, LastLogon, @{Name='LastLogonAt'; Expression={$DC}}))
		}
	}
}
$ADObjects.Values |https://www.experts-exchange.com/questions/29082243/Remove-filter-and-input-only-03-DC's-powershell.html#a42459042
	Select-Object Name, SamAccountName, @{Name='Last Logon Date'; Expression={If ($_.lastLogon) {[datetime]::FromFileTime($_.lastLogon)} Else {'None'}}}, LastLogonAt |
	Sort-Object -Property Name # |
#	Export-CSV C:\Scripts\LastLogonReport.csv -NoTypeInformation

Open in new window

0
 
SAM ITAD windows Admin  Author Commented:
well support.thank you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.