Working for an IT company that provides a support service, we have to keep on top of day-to-day admin tasks, and one of these is keeping Active Directory in order. This becomes more difficult as time goes by, as I am sure I am not the only one who does not keep AD up to date when removing PCs and servers from the domain. Below is a handy little PowerShell script that I put together that will output any PC or server that has not logged on for 60 days or more:
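
# Close any transcript left open by a previous run, ignoring the error if none is running
$ErrorActionPreference = "SilentlyContinue"
Stop-Transcript | Out-Null
$ErrorActionPreference = "Continue"
Start-Transcript -Path C:\output.txt -Append

$maxOldLogonDays = 60

# Search the current domain for all computer objects
$adsiSearcher = New-Object DirectoryServices.DirectorySearcher
$adsiSearcher.Filter = "(objectCategory=computer)"
$adsiSearcher.PageSize = 1000   # page the results; otherwise only the first 1000 are returned
$adsiSearcher.FindAll() |
ForEach-Object {
    "Processing $($_.Path)"
    # lastLogon is a Windows FILETIME; it is absent or 0 when no logon has been recorded
    $rawLogon = $_.Properties.Item("lastlogon")
    $convertedLogOn = if ($rawLogon.Count -gt 0) { [datetime]::FromFileTime([int64]$rawLogon[0]) } else { [datetime]::FromFileTime(0) }
    if (((Get-Date) - $convertedLogOn).Days -ge $maxOldLogonDays)
    {
        "$($_.Properties.Item('distinguishedName')) has not logged on for more than $maxOldLogonDays days"
    } #end if
} #end foreach
Stop-Transcript
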
All you need to do is copy and paste the above text into a Notepad file and save it with a .ps1 extension (the PowerShell script format).
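
The `lastLogon` attribute read by the script is not replicated between domain controllers, so a single query can report a machine as stale when it has been authenticating against a different DC. The following is an added example, not part of the original script, that takes the newest `lastLogon` per computer across all DCs before applying the 60-day threshold; the function names, the record fields (`DN`, `DC`, `SeenBy`) and the `example.com` sample data are constructed for illustration.

```powershell
# Added example (not the original author's script). DN, DC and SeenBy are names chosen here.
$maxOldLogonDays = 60

function Get-LastLogonFromDC {
    # One record per computer object, as seen by a single domain controller.
    param([string]$DcName)
    $searcher = New-Object DirectoryServices.DirectorySearcher([ADSI]"LDAP://$DcName")
    $searcher.Filter = '(objectCategory=computer)'
    $searcher.PageSize = 1000
    $searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'lastLogon'))
    foreach ($r in $searcher.FindAll()) {
        $raw = $r.Properties['lastlogon']
        [pscustomobject]@{
            DN        = [string]$r.Properties['distinguishedname'][0]
            DC        = $DcName
            LastLogon = if ($raw.Count -gt 0) { [int64]$raw[0] } else { [int64]0 }
        }
    }
}

function Get-StaleComputer {
    # Keep the newest lastLogon per computer across all DCs, then apply the threshold.
    param([object[]]$Records, [int]$MaxDays, [datetime]$Now = (Get-Date))
    $Records | Group-Object DN | ForEach-Object {
        $newest = $_.Group | Sort-Object LastLogon -Descending | Select-Object -First 1
        $when = if ($newest.LastLogon -gt 0) { [datetime]::FromFileTime($newest.LastLogon) }
        if ($null -eq $when -or ($Now - $when).Days -ge $MaxDays) {
            [pscustomobject]@{ DN = $newest.DN; LastLogon = $when; SeenBy = $newest.DC }
        }
    }
}

# Constructed sample records (example.com is a placeholder domain).
# PC01 looks stale if only DC1 is asked, but DC2 saw it a week ago; PC02 never logged on via DC2.
$now = Get-Date
$sample = @(
    [pscustomobject]@{ DN = 'CN=PC01,OU=Workstations,DC=example,DC=com'; DC = 'DC1'; LastLogon = $now.AddDays(-90).ToFileTime() }
    [pscustomobject]@{ DN = 'CN=PC01,OU=Workstations,DC=example,DC=com'; DC = 'DC2'; LastLogon = $now.AddDays(-7).ToFileTime() }
    [pscustomobject]@{ DN = 'CN=PC02,OU=Workstations,DC=example,DC=com'; DC = 'DC1'; LastLogon = $now.AddDays(-120).ToFileTime() }
    [pscustomobject]@{ DN = 'CN=PC02,OU=Workstations,DC=example,DC=com'; DC = 'DC2'; LastLogon = [int64]0 }
)
Get-StaleComputer -Records $sample -MaxDays $maxOldLogonDays -Now $now

# Live use on a domain-joined host:
# $dcs = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers
# $records = foreach ($dc in $dcs) { Get-LastLogonFromDC -DcName $dc.Name }
# Get-StaleComputer -Records $records -MaxDays $maxOldLogonDays
```

Review the resulting list before disabling or deleting anything, since a machine that has been powered off or off-network for a legitimate reason will also appear.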