In Active Directory, how do you check the last time a computer has been logged in? Not the user, but the computer itself.

  • Question

  • In Active Directory, how do you check the last time a computer has been logged in?  Not the user, but the computer itself.  I'm wanting to delete old computer objects that are no longer in service.
    Friday, February 21, 2014 4:21 PM

All replies

  • In Active Directory, how do you check the last time a computer has been logged in?  Not the user, but the computer itself.  I'm wanting to delete old computer objects that are no longer in service.

    Perhaps the most reliable way to identify "old computer objects" is to look at the computer account password reset date.

    Computer account passwords are automatically reset every <30 days. If a computer account password is 30+ days old, that's almost a bona fide indication that a computer is no longer active on the network. (The obvious exception would be notebooks that remain off site for extended periods of time.)

    I'm not aware that either value is available via ADUC, but they're both available via an LDAP query, and the COMPUTER$ account logons are also logged in the DC's Security Log. Filter on Source="Security" and Category="Logon/Logoff" and EventID=540 and User=<theMachineNameOfInterest>.


    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

    Friday, February 21, 2014 6:37 PM
  • Hi,

    How are you? I wonder if you could also use a PowerShell script in order to get the list of computers with their corresponding last logon date (lastLogonTimestamp attribute), as you can see below:

    Import-Module ActiveDirectory
    # Workstations only: skip computer objects whose OS name contains "Server"
    $CompList = Get-ADComputer -Filter { OperatingSystem -NotLike '*Server*' } -Properties OperatingSystem
    foreach ($Comp in $CompList) {
        # Convert the lastLogonTimestamp FILETIME value to a readable date
        Get-ADComputer $Comp.Name -Properties lastLogonTimestamp |
            Select-Object @{n="Computer";e={$_.Name}}, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}
    }

    Hope it helps, please let us know your comments,

    Regards,

    Oscar.


    Remigio Oscar Iglesias |MCP 2000|MAP 2009/2010/2011|MCTS SCCM 2007|BlackBerry Trainer|MCTS Exchange 2007|MCTS Active Directory 2008| |MCITP SA WINDOWS 2008|MCTS Windows Server 2008|MCT| E-mail: remigioiglesias@live.com twitter: @remigioiglesias

    Saturday, March 1, 2014 6:48 PM
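
Added example, not part of any reply in this thread: a report-only PowerShell function that combines the two signals mentioned in the replies above, the computer account password age (the pwdLastSet attribute) and lastLogonTimestamp, and marks an object as stale only when both agree. The function name, the 90-day threshold, the verdict labels and the sample computer objects are assumptions constructed for illustration.

```powershell
# Added example: classifies computer objects, never deletes or disables anything.
function Get-ComputerStaleness {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [int] $StaleDays = 90,            # assumed threshold, tune per site
        [datetime] $Now = (Get-Date)
    )
    process {
        # Both attributes are FILETIME integers; 0 or empty means "never set".
        $pwdSet = if ($Computer.pwdLastSet)         { [DateTime]::FromFileTime($Computer.pwdLastSet) }
        $logon  = if ($Computer.lastLogonTimestamp) { [DateTime]::FromFileTime($Computer.lastLogonTimestamp) }

        # A missing value counts as "old" for that signal.
        $pwdOld   = ($null -eq $pwdSet) -or (($Now - $pwdSet).TotalDays -gt $StaleDays)
        $logonOld = ($null -eq $logon)  -or (($Now - $logon).TotalDays  -gt $StaleDays)

        $verdict = 'Active'
        if ($pwdOld -or $logonOld)  { $verdict = 'Review' }    # signals disagree
        if ($pwdOld -and $logonOld) { $verdict = 'Stale' }     # both signals agree
        if (($null -eq $pwdSet) -and ($null -eq $logon)) { $verdict = 'NeverUsed' }  # e.g. pre-staged object

        [pscustomobject]@{
            Computer        = $Computer.Name
            PasswordLastSet = $pwdSet
            LastLogon       = $logon
            Verdict         = $verdict
        }
    }
}

# Constructed sample objects standing in for Get-ADComputer output.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ Name = 'WS-ACTIVE'; pwdLastSet = $now.AddDays(-12).ToFileTime();  lastLogonTimestamp = $now.AddDays(-3).ToFileTime() }
    [pscustomobject]@{ Name = 'WS-OLD';    pwdLastSet = $now.AddDays(-200).ToFileTime(); lastLogonTimestamp = $now.AddDays(-190).ToFileTime() }
    [pscustomobject]@{ Name = 'WS-NOPWD';  pwdLastSet = $now.AddDays(-200).ToFileTime(); lastLogonTimestamp = $now.AddDays(-5).ToFileTime() }
    [pscustomobject]@{ Name = 'WS-STAGED'; pwdLastSet = 0;                               lastLogonTimestamp = $null }
)
$sample | Get-ComputerStaleness -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties pwdLastSet, lastLogonTimestamp | Get-ComputerStaleness
```

lastLogonTimestamp is replicated with a lag of up to about 14 days by default, so keep the threshold well above that, and review 'Stale' and 'Review' results (long-absent notebooks, machines with password changes disabled) before removing any object.
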
  • I have a Word document that shows how we do it with a GPO and script. We then tie it to an SQL database (using Access Frontend) that tracks all AD user log in/off events.  If you want a copy, email me.
    Thursday, March 27, 2014 3:59 AM
  • I would like to use that. What is your e-mail?

    Thursday, March 27, 2014 10:30 PM
  • Thanks, just sent you an e-mail.
    Thursday, March 27, 2014 10:46 PM
  • Did it work for you? If you have any questions, just email me.
    Sunday, April 6, 2014 7:43 AM