PowerShell: Get-ADComputer to retrieve computer last logon date – part 1

PowerShellI’ve written about Get-ADUser several times already to find out Active Directory user information, but in this post we’ll be using Get-ADComputer to find out the last logon date for the computers in Active Directory.

As computers are retired or fail and are replaced how often do admins remember to remove the computer accounts from Active Directory?

You can use the command we are going to create below to enumerate the last login date for all the computer accounts in your domain, so that you can safely disable and remove them after they have been inactive for a period of time.


Firstly on SBS 2011 we’ll need to either run the PowerShell as Administrator by right clicking the PowerShell icon and selecting Run as Administrator.

Run PowerShell as Administrator

Then, we’ll need to import the Active Directory Module with the command:

Import-Module activedirectory

Import-Module activedirectoryAlternatively you could run the Active Directory Module for Windows PowerShell from the Start – Administrative Tools menu.

Active Directory Module for Windows PowerShell

For Windows Server 2012 this isn’t necessary as the module will be imported automatically.

We’ll start by confirming the PowerShell Cmdlet to use. We know we want to look at computer properties so lets see what PoweShell Cmdlets contain the word computer.

Get-Help *computer*

Get-Help computer

The Get-ADComputer command looks like the one we’re interested in so let’s take a look at it in more detail.

Get-Help Get-ADComputer

Get-Help Get-ADComputer

Next let’s look at a computer account and see what properties are returned.

Get-ADComputer -Identity SBS2K11

Get-ADComputer -identityBy default it doesn’t return anything that inidcates when it last logged on, so lets look at its extended properties.

Get-ADComputer -Identity SBS2K11 -Properties *

Get-ADComputer -identity -PropertiesAs you can see there is far more information when you use the -Properties * switch, and the property we are interested in is listed LastLogonDate.

Next let’s just output the fields that we are interested in using Format-Table, so Name and LastLogonDate.

[EDIT May 2017] On a single computer using -Properties * is ok, but for a large domain this can cause quite a slow down in processing the cmdlet. Specify the required properties in the cmdlet, so in this example the cmdlet would be -Properties LastLogonDate.

Get-ADComputer -identity SBS2K11 -Properties * | FT Name, LastLogonDate

Get-ADComputer -identity -Properties format-table name lastlogondate
Now lets add the -Autosize switch to the Format-Table Cmdlet.

Get-ADComputer -identity SBS2K11 -Properties * | FT Name, LastLogonDate -Autosize

Get-ADComputer -identity -Properties format-table name lastlogondate -autosizeIn my test lab which I am using for this example it doesn’t make it much more readable, but in a larger environment the -Autosize switch does help with the readability of the output.

So far we have just been looking at one computer, my SBS2K11 server, now let’s modify the command to look at all computers. To do this we will change the -Identity switch for the -Filter switch. So the command looks like this:

Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize

Get-ADComputer -Filter -Properties format-table name lastlogondate -autosize
As you can see in my test lab I have two computers so it is easy to see the computer which has the oldest logon, but again in a larger environment it can be tricky to determine this with a large output.

Below is an example of a larger environment with the same command. The computers with no LastLogonDate indicate that there is no LastLogon data (another ADComputer property), which is converted to LastLogonDate.

Get-ADComputer -Filter -Properties format-table name lastlogondate -autosize example2
Now if we want to sort these in order we would use the following command.

Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate -Autosize

Get-ADComputer -Filter -Properties sort lastlogondate format-table name lastlogondate -autosize
Now you can very easily see which computers haven’t logged on recently in ascending order. To reverse the list you would use the -Descending switch with the sort command.

Finally I’d like to output this to a file so I can confirm with colleagues the machines to be disabled or removed from Active Directory so we’ll pipe the output into the Out-File Cmdlet.

Get-ADComputer -Filter * -Properties *  | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt

So far all we’ve done is list computers according to their last logon date which is useful, but do you really then want to go and manually disable or delete all of the computers which haven’t logged on in xx number of days?

PowerShell is all about automation, so in PowerShell: Get-ADComputer to retrieve computer last logon date (and disable them) – part 2 I’ll show you how to retrieve accounts over xx days old and automatically disable them.

Below are some links to Microsoft Technet references.

Get-ADComputer can be found here: http://technet.microsoft.com/en-us/library/ee617192.aspx

Sort-Object cmdlet can be found here: http://technet.microsoft.com/en-us/library/ee176968.aspx

Related Articles:

1. PowerShell: Get-ADUser to retrieve logon scripts and home directories – Part 1

2. Office 365 PowerShell: How to bulk change Office 365 calendar permissions using Windows PowerShell

3. PowerShell: Get-ADUser to retrieve password last set and expiry information

4. Exchange PowerShell: How to find users hidden from the Global Address List

5. How to install Exchange 2013 (SP1) on Windows Server 2012 R2

38 thoughts on “PowerShell: Get-ADComputer to retrieve computer last logon date – part 1

  1. Ryan

    I Know this article is a little old but thought its worth noting when running commands like that against all computers in the domain it would really be best to put -Properties LastLogonDate rather than -Properties *. Saves time and computing resources. Really like what your doing and some of your articles have been really helpful.


  2. OxfordSBSguy.com

    Thanks Ryan. I hadn’t considered that, but I can see how it would be more efficient. Most of the environments I work in are relatively small so there isn’t a huge impact by running the script. Part 2 of Get-ADComputer is still in draft form so I’ll add your suggestion to it.


  3. Alice

    Good article, I like this information that explanation to how find last logon date for the computers in active directory. There are good active directory cleanup solution available at http://activedirectorycleanup.hatenablog.com/. It helps to find out real last logon details of account in AD environment and generate comprehensive report on inactive accounts, never logged on users.

  4. Charles

    Hi Lukas! I appreciate the clear explanation and this was really helpful to me! I have a question though. How do I get it to check machines in a list (txt file) only and not all machines in AD?



    1. Ryan

      Hi Charles,

      You can do that by using the following command if you have each computer on a new line in the file.

      Get-Content C:TempComputerList.txt | Foreach-Object {Get-ADComputer $_ -Properties LastLogonDate} | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:TempComputerLastLogonDate.txt


  5. Rodolfo

    as I get this result ?

    Computer Lastlogon User
    ——– —————— —-
    DC1 6/06/2013 16:38:24 user2
    DC2 6/06/2013 16:30:40 user1

  6. iswandi

    Hi Sir, Is it possible to generate a report that can show how long does a user not been using his email? Maybe 60 days or 180 days?

  7. Travis

    Hey Man – Good Article! Maybe I missed it (as it is the end of the day on Friday), but I have a large domain with multiple sites and OUs. How would I pull from specific OU or container?

    1. OxfordSBSguy.com

      You should be able to add -searchbase “ou=Sales,dc=ad,dc=oxfordsbsguy,dc=com” to limit the command to an ou or domain. Note- i’ve not tested this but used searchbase on other commands to limit the scope.

  8. Ming

    Why is the -Properties * is not working?

    PS C:\Windows\system32> Get-ADComputer -identity computer -Properties *
    Get-ADComputer : Missing an argument for parameter ‘Properties’. Specify a parameter of type ‘System.String[]’ and try again.
    At line:1 char:33
    + Get-ADComputer -identity computer -Properties
    + ~~~~~~~~~~~
    + CategoryInfo : InvalidArgument: (:) [Get-ADComputer], ParameterBindingException
    + FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.GetADComputer

      1. Ming

        Yes, the get-adcomputer -identity computername cmd works.
        The get-adcomputer -identity computername -Properties LastLogonDate also works

        But get-adcomputer -identity computername -Properties * does not work with above error.

  9. Sami

    Great article! Thanks.
    Is there any way to determine WHO logged in to a computer using this command or some other PS command?
    I have a computer that was not used in a long time, but I would need to know who was the last logged in user.. Unfortunatelly I dont have the computer in network/reachable right now.

  10. john

    Can someone help me,when i’m try to run as per script given i’m stuck on Get-ADComputer -Identity SBS2K11and appear error as below

    Get-ADComputer : Cannot find an object with identity: ‘SBS2K11’ under: ‘DC=PETR
    At line:1 char:15
    + Get-ADComputer <<<< -Identity SBS2K11
    + CategoryInfo : ObjectNotFound: (SBS2K11:ADComputer) [Get-ADComp
    uter], ADIdentityNotFoundException
    + FullyQualifiedErrorId : Cannot find an object with identity: 'SBS2K11' u
    nder: 'DC=PETRONAS,DC=PETRONET,DC=DIR'.,Microsoft.ActiveDirectory.Manageme

    1. Ryan

      You were trying to search for an identity that was an example in this article. You would have to match the identity to something that exists within your environment.

      Get-AdComputer -Identity (Your Computer Name)

  11. Ryan

    Is there any way to filter by age of last logon? For example, show only computers whose last logon date is older than 90 days?

  12. Joel G

    This is great! Thank you!

    How would you add command to this to show what user account last logged onto the computer and a date?

    Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt

    Thank you!

  13. Philip

    is there a way to do both of these in one:

    $ServiceTagsPath=$filePath + ‘\DellAPIWarrantyLIST.csv’

    write-host ‘get all computer names from Active Directory…for Windows 7…’
    Get-ADComputer -properties * -filter {(operatingsystem -like “*Windows 7*”)} |
    Where-Object {$_.name -like “*-*”} |
    Where-Object {$_.name -NotLike “V7-*”} |
    Where-Object {$_.name -NotLike “*-NONE”} |
    Where-Object {$_.name -NotLike “*-ONCALL”} |
    Where-Object {$_.name -NotLike “*-BLACKBAUD”} |
    Where-Object {$_.name -NotLike “SC-WIN7-1”} |
    Where-Object {$_.name -NotLike “UT-SWCLIENT-01”} |
    Select-Object -property Name , LastLogonDate | export-csv $ServiceTagsPath -NoTypeInformation -Force

    $computers= Get-ADComputer -properties * -filter {(operatingsystem -like “*Windows 7*”)} |
    Where-Object {$_.name -like “*-*”} |
    Where-Object {$_.name -NotLike “V7-*”} |
    Where-Object {$_.name -NotLike “*-NONE”} |
    Where-Object {$_.name -NotLike “*-ONCALL”} |
    Where-Object {$_.name -NotLike “*-BLACKBAUD”} |
    Where-Object {$_.name -NotLike “SC-WIN7-1”} |
    Where-Object {$_.name -NotLike “UT-SWCLIENT-01”} |
    Select-Object -Expand Name

    Write-Host $computers.Length + ‘ computers found in Active Directory…’

    so as well as having a csv file with 2 columns, showing the Computer Name and LastLogondate, I’d have an array with just the computer names?

  14. Luis Almeida

    Get-ADComputer -Identity PC-00249 -Properties *

    is there a way to see the last user account that logged into the computer. Trying to figure out who touched the computer last.

  15. Bruce Bell

    “Luis Almeida
    9th November 2018 at 5:32 am
    Get-ADComputer -Identity PC-00249 -Properties *

    is there a way to see the last user account that logged into the computer. Trying to figure out who touched the computer last.”

    This is what I am looking for also. It is just a matter of getting the right verbiage for the pipes.

  16. Nuno Marques

    Just come by this tutorial, been looking for this for awhile.

    Is there a way of searching specific OU’s? I got different Sites OU so I just want to looking into specific ones.

    e.g OU-Site1, OU-Site2, OU-Site3, OU-Site4 – And I just want to look into OU-Site1 & OU-Site3

    Thank you in advance for any guidance.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.