none
Old Computer Queries RRS feed

  • Question

  • Hello,

    Can anyone tell me how i can use PowerShell to query all computers in AD to grab computers that has not been modified in the last two years?

    Monday, March 28, 2016 6:18 PM

Answers

  • The whenModified attribute of an object reflects the last time the AD object was modified, but is not the last time a computer object was used. The attribute is not updated when the computer starts and authenticates in AD, or when a user logs on using that computer, or even when the computer account password changes. If someone modifies the description, the whenModified attribute would be updated at that time.

    You probably want to find computers that have not had their password changed in a long time, or have not authenticated in a long time. There are tools and scripts for that.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by Centaur1963 Tuesday, March 29, 2016 1:33 PM
    Monday, March 28, 2016 6:57 PM
    Moderator
  • Oh, I didn't know that. Then let me change the requirement then. Is there a way i can query ad for all computers whos passwords has not changed in a year or 2?

    Help Search-AdAccount

    Follow the examples.


    \_(ツ)_/

    Monday, March 28, 2016 7:33 PM

All replies

  • Hi,

    Define 'not been modified'. What exactly are you looking to do here?


    Monday, March 28, 2016 6:27 PM
  • Active Directory does not keep that kind of information.


    \_(ツ)_/

    Monday, March 28, 2016 6:46 PM
  • The whenModified attribute of an object reflects the last time the AD object was modified, but is not the last time a computer object was used. The attribute is not updated when the computer starts and authenticates in AD, or when a user logs on using that computer, or even when the computer account password changes. If someone modifies the description, the whenModified attribute would be updated at that time.

    You probably want to find computers that have not had their password changed in a long time, or have not authenticated in a long time. There are tools and scripts for that.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by Centaur1963 Tuesday, March 29, 2016 1:33 PM
    Monday, March 28, 2016 6:57 PM
    Moderator
  • All of these answers depend on Mike's question.

    To get inactive systems use Search-AdAccount .


    \_(ツ)_/

    Monday, March 28, 2016 7:10 PM
  • Sorry here is some more information:

    A way to query domain computers that has not been modified in 2 years. You can find that value in the object tab when going to the properties


    Monday, March 28, 2016 7:28 PM
  • Oh, I didn't know that. Then let me change the requirement then. Is there a way i can query ad for all computers whos passwords has not changed in a year or 2?
    Monday, March 28, 2016 7:31 PM
  • Oh, I didn't know that. Then let me change the requirement then. Is there a way i can query ad for all computers whos passwords has not changed in a year or 2?

    Help Search-AdAccount

    Follow the examples.


    \_(ツ)_/

    Monday, March 28, 2016 7:33 PM
  • Thanks i will start looking through the examples.
    Monday, March 28, 2016 7:37 PM
  • Is there a way to add when the last time the computer was rebooted also?

    Import-Module activedirectory
    [int]$ComputerPasswordAgeDays = 90
    IF ((test-path "c:\temp") -eq $False) { md "c:\temp" }
    $ExportFile = "c:\temp\InactiveWorkstations.csv"
    $ComputerStaleDate = (Get-Date).AddDays(-$ComputerPasswordAgeDays)
    $InactiveWorkstations = Get-ADComputer -filter { (passwordLastSet -le $ComputerStaleDate) -and (OperatingSystem -notlike "*Server*") -and (OperatingSystem -like "*Windows*") } -properties Name, DistinguishedName, OperatingSystem,OperatingSystemServicePack, passwordLastSet,LastLogonDate,Description
    $InactiveWorkstations | export-csv $ExportFile

    Tuesday, March 29, 2016 12:37 PM
  • As noted earlier AD does not keep that information.  You will have to query the computer directly for that information.

    You need to mark the answer her and open a new topic for new questions.


    \_(ツ)_/

    Tuesday, March 29, 2016 12:51 PM