I’ve written about Get-ADUser several times already to find out Active Directory user information, but in this post we’ll be using Get-ADComputer to find out the last logon date for the computers in Active Directory.
As computers are retired, or fail and are replaced, how often do admins remember to remove the computer accounts from Active Directory?
You can use the command we are going to create below to enumerate the last login date for all the computer accounts in your domain, so that you can safely disable and remove them after they have been inactive for a period of time.
Firstly, on SBS 2011 we’ll need to run PowerShell as Administrator by right-clicking the PowerShell icon and selecting Run as Administrator.
Then, we’ll need to import the Active Directory Module with the command:
Import-Module activedirectory
Alternatively you could run the Active Directory Module for Windows PowerShell from the Start – Administrative Tools menu.
For Windows Server 2012 this isn’t necessary as the module will be imported automatically.
We’ll start by confirming the PowerShell Cmdlet to use. We know we want to look at computer properties, so let’s see which PowerShell Cmdlets contain the word computer.
Get-Help *computer*
The Get-ADComputer command looks like the one we’re interested in so let’s take a look at it in more detail.
Get-Help Get-ADComputer
Next let’s look at a computer account and see what properties are returned.
Get-ADComputer -Identity SBS2K11
By default it doesn’t return anything that indicates when it last logged on, so let’s look at its extended properties.
Get-ADComputer -Identity SBS2K11 -Properties *
As you can see there is far more information when you use the -Properties * switch, and the property we are interested in is listed as LastLogonDate.
Next let’s just output the fields that we are interested in using Format-Table, so Name and LastLogonDate.
[EDIT May 2017] On a single computer using -Properties * is ok, but for a large domain this can cause quite a slow down in processing the cmdlet. Specify the required properties in the cmdlet, so in this example the cmdlet would be -Properties LastLogonDate.
Get-ADComputer -identity SBS2K11 -Properties * | FT Name, LastLogonDate
Now let’s add the -Autosize switch to the Format-Table Cmdlet.
Get-ADComputer -identity SBS2K11 -Properties * | FT Name, LastLogonDate -Autosize
In my test lab which I am using for this example it doesn’t make it much more readable, but in a larger environment the -Autosize switch does help with the readability of the output.
So far we have just been looking at one computer, my SBS2K11 server, now let’s modify the command to look at all computers. To do this we will change the -Identity switch for the -Filter switch. So the command looks like this:
Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize
As you can see in my test lab I have two computers so it is easy to see the computer which has the oldest logon, but again in a larger environment it can be tricky to determine this with a large output.
Below is an example of a larger environment with the same command. The computers with no LastLogonDate indicate that there is no LastLogon data (another ADComputer property), which is converted to LastLogonDate.
Now if we want to sort these in order we would use the following command.
Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize
Now you can very easily see which computers haven’t logged on recently in ascending order. To reverse the list you would use the -Descending switch with the sort command.
Finally, I’d like to output this to a file so I can confirm with colleagues which machines are to be disabled or removed from Active Directory, so we’ll pipe the output into the Out-File Cmdlet.
Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt
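The steps above combined into a read-only report, as an added example rather than code from the original post: it requests only the properties it needs (as the May 2017 edit recommends), keeps the accounts whose last logon is older than a threshold or missing, and writes a CSV for review. The 90-day threshold, the `$SearchBase` value and the output file name are assumptions to adjust; LastLogonDate can lag the real last logon by up to about 14 days with default domain settings, so keep the threshold well above that.

```powershell
# Added example: read-only report of computer accounts that look stale.
# Nothing is disabled or deleted. Values below are assumptions to adjust.
$InactiveDays = 90                                # assumed review threshold
$SearchBase   = ''                                # placeholder: an OU distinguished name, or '' for the whole domain
$OutFile      = 'C:\Temp\StaleComputers.csv'      # assumed output file

Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-$InactiveDays)

# Request only the properties the report needs instead of -Properties *.
$query = @{
    Filter     = '*'
    Properties = 'LastLogonDate', 'whenCreated', 'OperatingSystem'
}
if ($SearchBase) { $query.SearchBase = $SearchBase }

$report = Get-ADComputer @query |
    Where-Object {
        # Stale: last logon before the cutoff, or no logon recorded and the
        # account was created before the cutoff (skips freshly joined machines).
        ($_.LastLogonDate -and $_.LastLogonDate -lt $cutoff) -or
        (-not $_.LastLogonDate -and $_.whenCreated -lt $cutoff)
    } |
    Sort-Object LastLogonDate |
    Select-Object Name, Enabled, OperatingSystem, LastLogonDate, whenCreated,
        @{ Name = 'DaysInactive'; Expression = {
            # Left empty for accounts with no recorded logon.
            if ($_.LastLogonDate) { [int]((Get-Date) - $_.LastLogonDate).TotalDays }
        } },
        DistinguishedName

# Export-Csv keeps real columns that can be sorted and filtered during review;
# Format-Table | Out-File only saves the rendered text.
$report | Export-Csv -Path $OutFile -NoTypeInformation

"{0} computer accounts inactive for {1}+ days written to {2}" -f @($report).Count, $InactiveDays, $OutFile
```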
So far all we’ve done is list computers according to their last logon date which is useful, but do you really then want to go and manually disable or delete all of the computers which haven’t logged on in xx number of days?
PowerShell is all about automation, so in PowerShell: Get-ADComputer to retrieve computer last logon date (and disable them) – part 2 I’ll show you how to retrieve accounts over xx days old and automatically disable them.
Below are some links to Microsoft Technet references.
Get-ADComputer can be found here: http://technet.microsoft.com/en-us/library/ee617192.aspx
Sort-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176968.aspx
I know this article is a little old but thought it’s worth noting when running commands like that against all computers in the domain it would really be best to put -Properties LastLogonDate rather than -Properties *. Saves time and computing resources. Really like what you’re doing and some of your articles have been really helpful.
Thanks
Ryan
Thanks Ryan. I hadn’t considered that, but I can see how it would be more efficient. Most of the environments I work in are relatively small so there isn’t a huge impact by running the script. Part 2 of Get-ADComputer is still in draft form so I’ll add your suggestion to it.
Cheers,
Carl
Good article, I like this explanation of how to find the last logon date for the computers in Active Directory. There is a good Active Directory cleanup solution available at http://activedirectorycleanup.hatenablog.com/. It helps to find out the real last logon details of accounts in an AD environment and generates comprehensive reports on inactive accounts and never-logged-on users.
Hi – just to say this was a great tutorial, and has encouraged me to do more with Powershell – thanks!
Thanks Joe, I’m glad it helped.
Hi, really good tutorial. Also waiting for part 2, which would be really helpful for me.
Thanks Lukas, I started to write it but got side tracked! Check back next week.
Cheers,
Carl
Part 2 just published!
https://www.oxfordsbsguy.com/2014/11/20/powershell-get-adcomputer-to-retrieve-computer-last-logon-date-and-disable-them-part-2/
Cheers,
Carl
Hi Lukas! I appreciate the clear explanation and this was really helpful to me! I have a question though. How do I get it to check machines in a list (txt file) only and not all machines in AD?
Thanks!
Charles
Hi Charles,
You can do that by using the following command if you have each computer on a new line in the file.
Get-Content C:\Temp\ComputerList.txt | Foreach-Object {Get-ADComputer $_ -Properties LastLogonDate} | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt
Regards
Ryan
Great help. Worked perfectly.
Excellent article! Have you published part two yet?
Part two is on the way, just putting the finishing touches to it.
Part 2 just published!
https://www.oxfordsbsguy.com/2014/11/20/powershell-get-adcomputer-to-retrieve-computer-last-logon-date-and-disable-them-part-2/
Cheers,
Carl
as I get this result ?
Computer Lastlogon          User
-------- ---------          ----
DC1      6/06/2013 16:38:24 user2
DC2      6/06/2013 16:30:40 user1
I would like an output just like this as well. What is the command?
Hi Sir, is it possible to generate a report that can show how long a user has not been using his email? Maybe 60 days or 180 days?
Hey Man – Good Article! Maybe I missed it (as it is the end of the day on Friday), but I have a large domain with multiple sites and OUs. How would I pull from specific OU or container?
You should be able to add -searchbase "ou=Sales,dc=ad,dc=oxfordsbsguy,dc=com" to limit the command to an OU or domain. Note: I’ve not tested this but have used searchbase on other commands to limit the scope.
Why is -Properties * not working?
PS C:\Windows\system32> Get-ADComputer -identity computer -Properties *
Get-ADComputer : Missing an argument for parameter ‘Properties’. Specify a parameter of type ‘System.String[]’ and try again.
At line:1 char:33
+ Get-ADComputer -identity computer -Properties
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADComputer], ParameterBindingException
+ FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
Does get-adcomputer -identity computername work?
Yes, the get-adcomputer -identity computername cmd works.
The get-adcomputer -identity computername -Properties LastLogonDate also works
But get-adcomputer -identity computername -Properties * does not work with above error.
Always come to your site for Powershell advice. Top work and thanks 🙂
Can you get GET-ADcomputer -Identity to output data from multiple machines at once?
Hi,
Great article! Thanks.
Is there any way to determine WHO logged in to a computer using this command or some other PS command?
I have a computer that has not been used in a long time, but I would need to know who was the last logged in user. Unfortunately I don’t have the computer in network/reachable right now.
Hi Sami,
To your asked concern, you can checkout Lepide last logon reporter tool which is available free and should be an ideal approach to fetch users last logon reports within few clicks. Please check – http://www.lepide.com/freetools/last-logon-reporter.html
Can someone help me? When I try to run the script as given, I’m stuck on Get-ADComputer -Identity SBS2K11 and the error below appears:
Get-ADComputer : Cannot find an object with identity: ‘SBS2K11’ under: ‘DC=PETR
ONAS,DC=PETRONET,DC=DIR’.
At line:1 char:15
+ Get-ADComputer <<<< -Identity SBS2K11
+ CategoryInfo : ObjectNotFound: (SBS2K11:ADComputer) [Get-ADComp
uter], ADIdentityNotFoundException
+ FullyQualifiedErrorId : Cannot find an object with identity: 'SBS2K11' u
nder: 'DC=PETRONAS,DC=PETRONET,DC=DIR'.,Microsoft.ActiveDirectory.Manageme
nt.Commands.GetADComputer
You were trying to search for an identity that was an example in this article. You would have to match the identity to something that exists within your environment.
Get-AdComputer -Identity (Your Computer Name)
Is there any way to filter by age of last logon? For example, show only computers whose last logon date is older than 90 days?
Nice Really great work …….Thanks
Brilliant. Thanks for writing this
This is great! Thank you!
How would you add command to this to show what user account last logged onto the computer and a date?
Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt
Thank you!
Joel
Thank you very much, it has been very useful for me.
is there a way to do both of these in one:
$ServiceTagsPath=$filePath + '\DellAPIWarrantyLIST.csv'
write-host 'get all computer names from Active Directory…for Windows 7…'
Get-ADComputer -properties * -filter {(operatingsystem -like "*Windows 7*")} |
Where-Object {$_.name -like "*-*"} |
Where-Object {$_.name -NotLike "V7-*"} |
Where-Object {$_.name -NotLike "*-NONE"} |
Where-Object {$_.name -NotLike "*-ONCALL"} |
Where-Object {$_.name -NotLike "*-BLACKBAUD"} |
Where-Object {$_.name -NotLike "SC-WIN7-1"} |
Where-Object {$_.name -NotLike "UT-SWCLIENT-01"} |
Select-Object -property Name , LastLogonDate | export-csv $ServiceTagsPath -NoTypeInformation -Force
$computers= Get-ADComputer -properties * -filter {(operatingsystem -like "*Windows 7*")} |
Where-Object {$_.name -like "*-*"} |
Where-Object {$_.name -NotLike "V7-*"} |
Where-Object {$_.name -NotLike "*-NONE"} |
Where-Object {$_.name -NotLike "*-ONCALL"} |
Where-Object {$_.name -NotLike "*-BLACKBAUD"} |
Where-Object {$_.name -NotLike "SC-WIN7-1"} |
Where-Object {$_.name -NotLike "UT-SWCLIENT-01"} |
Select-Object -Expand Name
Write-Host "$($computers.Length) computers found in Active Directory…"
so as well as having a csv file with 2 columns, showing the Computer Name and LastLogondate, I’d have an array with just the computer names?
Get-ADComputer -Identity PC-00249 -Properties *
is there a way to see the last user account that logged into the computer. Trying to figure out who touched the computer last.
“Luis Almeida
9th November 2018 at 5:32 am
Get-ADComputer -Identity PC-00249 -Properties *
is there a way to see the last user account that logged into the computer. Trying to figure out who touched the computer last.”
This is what I am looking for also. It is just a matter of getting the right verbiage for the pipes.