For Windows 2003/2008
(Must be 2003 Native domain or newer)
In a Command Prompt window type:
For Windows 2008 R2+
In a PowerShell window type:
You can change what you include in the select command at the end to get more or different info.
If you want to then remove all resulting computer accounts use the following command:
That is, to remove all computers older than $time use the following command:
References:
http://blog.mattvogt.net/powershell-last-logon-timestamp-for-single-ho
(Must be 2003 Native domain or newer)
In a Command Prompt window type:
dsquery computer -inactive <num>Where <num> is the minimum number of weeks the device has been inactive for. Advice seems to be to use at least 2, as anything less than that is not fully reliable.
For Windows 2008 R2+
In a PowerShell window type:
$time=Read-host "Enter a date in format mm/dd/yyyy"then
Get-ADComputer -Filter * | Get-ADObject -Properties lastlogontimestamp | where {(([DateTime]::FromFileTime($_.lastlogontimestamp) - ([system.datetime]$time)).totaldays) -lt 0 } | select name
You can change what you include in the select command at the end to get more or different info.
If you want to then remove all resulting computer accounts use the following command:
Remove-ADObject -recursivein place of the select name
That is, to remove all computers older than $time use the following command:
For more detail or a better example (of which this is basically a cut and paste at the moment), see reference site below.Get-ADComputer -Filter * | Get-ADObject -Properties lastlogontimestamp | where {(([DateTime]::FromFileTime($_.lastlogontimestamp) - ([system.datetime]$time)).totaldays) -lt 0 } | Remove-ADObject -recursive
References:
http://blog.mattvogt.net/powershell-last-logon-timestamp-for-single-ho
Thanks for sharing your thought and suggestion related to how find old computers in active directory. I found good information from http://www.lepide.com/active-directory-cleaner/ which helps to identify computer account that have not been logged within last 8 months and manage inactive accounts. It's get reports on never logged on users, inactive accounts and accurate last logon details of accounts.
ReplyDeleteNice! Cheers for the alternative tools.
ReplyDeleteThanks for sharing useful PowerShell script which helps to find out inactive computer accounts in active direc tory environment. I tried this active directory cleanup tool ( https://blog.netwrix.com/2018/02/15/the-ten-best-free-active-directory-management-tools/ ) which generates reports on inactive user accounts who never logged and real last logon information of accounts and manage inactive accounts.
ReplyDelete