PowerShell: Get-ADComputer to retrieve computer last logon date – part 1

PowerShellI’ve written about Get-ADUser several times already to find out Active Directory user information, but in this post we’ll be using Get-ADComputer to find out the last logon date for the computers in Active Directory.

As computers are retired or fail and are replaced how often do admins remember to remove the computer accounts from Active Directory?

You can use the command we are going to create below to enumerate the last login date for all the computer accounts in your domain, so that you can safely disable and remove them after they have been inactive for a period of time.

 

Firstly on SBS 2011 we’ll need to either run the PowerShell as Administrator by right clicking the PowerShell icon and selecting Run as Administrator.

Run PowerShell as Administrator

Then, we’ll need to import the Active Directory Module with the command:

Import-Module activedirectory

Import-Module activedirectoryAlternatively you could run the Active Directory Module for Windows PowerShell from the Start – Administrative Tools menu.

Active Directory Module for Windows PowerShell

For Windows Server 2012 this isn’t necessary as the module will be imported automatically.

We’ll start by confirming the PowerShell Cmdlet to use. We know we want to look at computer properties so lets see what PoweShell Cmdlets contain the word computer.

Get-Help *computer*

Get-Help computer

The Get-ADComputer command looks like the one we’re interested in so let’s take a look at it in more detail.

Get-Help Get-ADComputer

Get-Help Get-ADComputer

Next let’s look at a computer account and see what properties are returned.

Get-ADComputer -Identity SBS2K11

Get-ADComputer -identityBy default it doesn’t return anything that inidcates when it last logged on, so lets look at its extended properties.

Get-ADComputer -Identity SBS2K11 -Properties *

Get-ADComputer -identity -PropertiesAs you can see there is far more information when you use the -Properties * switch, and the property we are interested in is listed LastLogonDate.

Next let’s just output the fields that we are interested in using Format-Table, so Name and LastLogonDate.

Get-ADComputer -identity SBS2K11 -Properties * | FT Name, LastLogonDate

Get-ADComputer -identity -Properties format-table name lastlogondate
Now lets add the -Autosize switch to the Format-Table Cmdlet.

Get-ADComputer -identity SBS2K11 -Properties * | FT Name, LastLogonDate -Autosize

Get-ADComputer -identity -Properties format-table name lastlogondate -autosizeIn my test lab which I am using for this example it doesn’t make it much more readable, but in a larger environment the -Autosize switch does help with the readability of the output.

So far we have just been looking at one computer, my SBS2K11 server, now let’s modify the command to look at all computers. To do this we will change the -Identity switch for the -Filter switch. So the command looks like this:

Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize

Get-ADComputer -Filter -Properties format-table name lastlogondate -autosize
As you can see in my test lab I have two computers so it is easy to see the computer which has the oldest logon, but again in a larger environment it can be tricky to determine this with a large output.

Below is an example of a larger environment with the same command. The computers with no LastLogonDate indicate that there is no LastLogon data (another ADComputer property), which is converted to LastLogonDate.

Get-ADComputer -Filter -Properties format-table name lastlogondate -autosize example2
Now if we want to sort these in order we would use the following command.

Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate -Autosize

Get-ADComputer -Filter -Properties sort lastlogondate format-table name lastlogondate -autosize
Now you can very easily see which computers haven’t logged on recently in ascending order. To reverse the list you would use the -Descending switch with the sort command.

Finally I’d like to output this to a file so I can confirm with colleagues the machines to be disabled or removed from Active Directory so we’ll pipe the output into the Out-File Cmdlet.

Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt

So far all we’ve done is list computers according to their last logon date which is useful, but do you really then want to go and manually disable or delete all of the computers which haven’t logged on in xx number of days?

PowerShell is all about automation, so in PowerShell: Get-ADComputer to retrieve computer last logon date (and disable them) – part 2 I’ll show you how to retrieve accounts over xx days old and automatically disable them.

Below are some links to Microsoft Technet references.

Get-ADComputer can be found here: http://technet.microsoft.com/en-us/library/ee617192.aspx

Sort-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176968.aspx

Related Articles:

1. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1

2. Office365 PowerShell: How to the find out mailbox sizes in Office365 (and Exchange 2016) using PowerShell

3. PowerShell: Get-ADUser to retrieve password last set and expiry information

4. Exchange PowerShell: How to find users hidden from the Global Address List

5. How to install Exchange 2013 (SP1) on Windows Server 2012 R2

If you found this post useful, please share!

    Related Posts

    30 thoughts on “PowerShell: Get-ADComputer to retrieve computer last logon date – part 1

    1. Ryan

      I Know this article is a little old but thought its worth noting when running commands like that against all computers in the domain it would really be best to put -Properties LastLogonDate rather than -Properties *. Saves time and computing resources. Really like what your doing and some of your articles have been really helpful.

      Thanks
      Ryan

      Reply
    2. OxfordSBSguy.com

      Thanks Ryan. I hadn’t considered that, but I can see how it would be more efficient. Most of the environments I work in are relatively small so there isn’t a huge impact by running the script. Part 2 of Get-ADComputer is still in draft form so I’ll add your suggestion to it.

      Cheers,
      Carl

      Reply
    3. Alice

      Good article, I like this information that explanation to how find last logon date for the computers in active directory. There are good active directory cleanup solution available at http://activedirectorycleanup.hatenablog.com/. It helps to find out real last logon details of account in AD environment and generate comprehensive report on inactive accounts, never logged on users.

      Reply
    4. Charles

      Hi Lukas! I appreciate the clear explanation and this was really helpful to me! I have a question though. How do I get it to check machines in a list (txt file) only and not all machines in AD?

      Thanks!

      Charles

      Reply
      1. Ryan

        Hi Charles,

        You can do that by using the following command if you have each computer on a new line in the file.

        Get-Content C:TempComputerList.txt | Foreach-Object {Get-ADComputer $_ -Properties LastLogonDate} | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:TempComputerLastLogonDate.txt

        Regards
        Ryan

        Reply
    5. Rodolfo

      as I get this result ?

      Computer Lastlogon User
      ——– —————— —-
      DC1 6/06/2013 16:38:24 user2
      DC2 6/06/2013 16:30:40 user1

      Reply
    6. iswandi

      Hi Sir, Is it possible to generate a report that can show how long does a user not been using his email? Maybe 60 days or 180 days?

      Reply
    7. Travis

      Hey Man – Good Article! Maybe I missed it (as it is the end of the day on Friday), but I have a large domain with multiple sites and OUs. How would I pull from specific OU or container?

      Reply
      1. OxfordSBSguy.com

        You should be able to add -searchbase “ou=Sales,dc=ad,dc=oxfordsbsguy,dc=com” to limit the command to an ou or domain. Note- i’ve not tested this but used searchbase on other commands to limit the scope.

        Reply
    8. Ming

      Why is the -Properties * is not working?

      PS C:\Windows\system32> Get-ADComputer -identity computer -Properties *
      Get-ADComputer : Missing an argument for parameter ‘Properties’. Specify a parameter of type ‘System.String[]’ and try again.
      At line:1 char:33
      + Get-ADComputer -identity computer -Properties
      + ~~~~~~~~~~~
      + CategoryInfo : InvalidArgument: (:) [Get-ADComputer], ParameterBindingException
      + FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

      Reply
        1. Ming

          Yes, the get-adcomputer -identity computername cmd works.
          The get-adcomputer -identity computername -Properties LastLogonDate also works

          But get-adcomputer -identity computername -Properties * does not work with above error.

          Reply
    9. Sami

      Hi,
      Great article! Thanks.
      Is there any way to determine WHO logged in to a computer using this command or some other PS command?
      I have a computer that was not used in a long time, but I would need to know who was the last logged in user.. Unfortunatelly I dont have the computer in network/reachable right now.

      Reply
    10. john

      Can someone help me,when i’m try to run as per script given i’m stuck on Get-ADComputer -Identity SBS2K11and appear error as below

      Get-ADComputer : Cannot find an object with identity: ‘SBS2K11’ under: ‘DC=PETR
      ONAS,DC=PETRONET,DC=DIR’.
      At line:1 char:15
      + Get-ADComputer <<<< -Identity SBS2K11
      + CategoryInfo : ObjectNotFound: (SBS2K11:ADComputer) [Get-ADComp
      uter], ADIdentityNotFoundException
      + FullyQualifiedErrorId : Cannot find an object with identity: 'SBS2K11' u
      nder: 'DC=PETRONAS,DC=PETRONET,DC=DIR'.,Microsoft.ActiveDirectory.Manageme
      nt.Commands.GetADComputer

      Reply
      1. Ryan

        You were trying to search for an identity that was an example in this article. You would have to match the identity to something that exists within your environment.

        Get-AdComputer -Identity (Your Computer Name)

        Reply
    11. Ryan

      Is there any way to filter by age of last logon? For example, show only computers whose last logon date is older than 90 days?

      Reply

    Leave a Reply

    Your email address will not be published. Required fields are marked *