Recently, I needed to clean up a client’s computer accounts in AD. I wanted to see when each computer was last logged into (according to AD, anyway). This would help me identify any old or outdated accounts.
For this, I used the IT Professional’s handy sidekick: Powershell. This command brought me exactly what I needed:
Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize | Out-File C:\Temp\ComputerLastLogonDate.txt
Using this command will get you an output that looks like this (PC names redacted, BTW):
…and it’ll put it into a text file saved to the path of your choice.
Let’s break this command down:
Get-ADComputer – A cmdlet which fetches computer accounts from Active Directory based on specified filter criteria. If you try to use this cmdlet by itself, Powershell will interrupt and ask you to specify what it should look for.
-Filter * – This Filter command, when paired with the wildcard asterisk, will look at all computer accounts.
-Properties * – This Properties command with the asterisk looks at all computer accounts pulled in by the filter.
| Sort LastLogonDate – As the name implies, organizes the results by their last domain logon date.
| FT Name, LastLogonDate -Autosize – Finally, the FT command (Format-Table) places the results into a coherent table form and uses the command Autosize to space them nicely and evenly, easy on the eyes.
And lastly: | Out-File C:\Temp\ComputerLastLogonDate.txt – This takes the results and puts them into a text file saved to the specified path. This is useful for the placing the results into, for instance, an Excel document.
Powershell is a great tool for Active Directory investigation and automation. Check out the Active Directory Cmdlets section of the Powershell Technet to see even more useful applications.
Discussion
No comments yet.