none
get a list of active AD computers on domain RRS feed

Answers

All replies

  • Hi

    check these links

    http://technet.microsoft.com/en-us/library/dd378937(v=WS.10).aspx

    http://technet.microsoft.com/en-us/library/ff730967.aspx

    For inactive computers

    http://jthys.wordpress.com/2011/04/05/powershell-get-inactive-computer-objects-in-ad/

    It's your tack to customize the code  for the specific period of activity/inactivity


    Romeo Donca, Orange Romania (MCSE, MCITP, CCNA) Please Mark As Answer if my post solves your problem or Vote As Helpful if the post has been helpful for you.

    Thursday, May 29, 2014 10:04 PM
  • You need to define what active, or inactive, really means. If you're after computers that are enabled, as opposed to disabled, then do something like the first example to return all your AD computer objects that are enabled.

    Get-ADComputer -Filter {Enabled -eq $True}

    If what you really want are computers that haven't logged on, in say 90 days, then you'll need to gather each computer's LastLogonDate and compare it to today's date. I haven't tested this code, but it should work.

    While testing this example, you might want to change the first line to Get-ADComputer -Identity 'computername' -Properties LastLogonDate so you can test this against a single computer before you do it against all your computers. Have fun and good luck!

    $Computers = Get-ADComputer -Filter * -Properties LastLogonDate
    ForEach ($Computer in $Computers) {
        $Days = New-TimeSpan -Start $Computer.LastLogonDate -End (Get-Date) | Select-Object -ExpandProperty Days
        If ($Days -gt 90) {
            $Output += "$Computer hasn't logged on in more than 90 days.`r`n"
        }
    }
    Write-Output $Output



    Thursday, May 29, 2014 10:43 PM
  • I tried this command

    $neverused = Get-QADComputer -SearchRoot $OU -SizeLimit 0 -IncludedProperties LastLogonTimeStamp | where { $_.LastLogonTimeStamp -eq $null }

    but turns out nothing

    but I do have machines in that ou that is no longer online or part of the domain

    why is that

    Thursday, May 29, 2014 11:05 PM
  • If we use PowerShell we can just do this very simple method. It is faster because it does not try to return all computers then test them.

    Try it:

    Get-ADComputer -Filter "LastLogonDate -lt '$([datetime]::Today.AddDays(-90))'"

    Change the -90 to anything you think is reliable.

    In PowerShell we can generally do away with loops and arrays for many things.  That is old VBScript and batch thinking.

    What if you don't have AD CmdLets?


    ¯\_(ツ)_/¯

    Thursday, May 29, 2014 11:14 PM
  • No takers?

    $dt64=[datetime]::ToDay.AddDays(-90).ToFileTImeUTC().ToString()
    ([adsisearcher]"(&(objectclass=computer)(lastlogontimestamp<=$dt64))").FindAll()

    No AD CmdLets, No Quest ActiveRoles. Works from any workstation.

    (I am spoiled.  I couldn't remember that it was llts for a bit.)

    This is very efficient but will need to be tweeked if you have more than 1000 inactive machines.


    ¯\_(ツ)_/¯

    Thursday, May 29, 2014 11:40 PM
  • I tried this command

    $neverused = Get-QADComputer -SearchRoot $OU -SizeLimit 0 -IncludedProperties LastLogonTimeStamp | where { $_.LastLogonTimeStamp -eq $null }

    but turns out nothing

    but I do have machines in that ou that is no longer online or part of the domain

    why is that

    LastLogonTimeStamp will never be null.

    If you have Quest then this is the correct query:

    $dt64=[datetime]::ToDay.AddDays(-90).ToFileTImeUTC().ToString()
    Get-QADComputer -SearchRoot $OU -LdapFilter  "lastlogontimestamp<=$dt64"

    We can always use native commands:


    ¯\_(ツ)_/¯

    Thursday, May 29, 2014 11:47 PM
  • Native command:

    dsquery computer "OU=Sales,DC=Contoso,DC=Com" -Inactive 12

    INACTIVE is number of weeks.

    In powershell we can do this

    dsquery computer "OU=Sales,DC=Contoso,DC=Com" -Inactive 12 |
         ForEach-Object{
              Get-AdComputer $_
    }

    or use Get-QADComputer.


    ¯\_(ツ)_/¯

    Thursday, May 29, 2014 11:53 PM
  • Search-ADAccount -AccountInactive -Timespan 90 -ComputersOnly -ResultPageSize 1000 -ResultSetSize $null



    Friday, May 30, 2014 4:19 AM
  • LastLogonTimeStamp will never be null.

    If you create a computer account and never use it, lastLogonTimestamp will be null.


    -- Bill Stewart [Bill_Stewart]

    Friday, May 30, 2014 1:33 PM
    Moderator