I had a requirement to get list of active computers from Active Directory with some stored properties in computer account like OS, OS version and OU name where the computer account exists. I have defined the active computer as if LastLogonDate is less than 60 days. Here is the script.
P.S. Your computer should be installed with Powershell ActiveDirectory module.
# # Name : ListActiveComputers.ps1 # Purpose: Get active computer accounts from active directory by # checking the last logon date. Get the properties of computer # account (name,OS,OSverion,lastlogondate and CanonicalName) # and save it to ActiveComputers.csv file. # # Written by Anand Venkatachalapathy # Date written: 03/28/2012 # Import-Module ActiveDirectory # get today's date $today = Get-Date #Get today - 60 days (2 month old) $cutoffdate = $today.AddDays(-60) #Get the computer accounts filtered by lastlogondate. # Select only required properties of the computer account # and export it to a file Get-ADComputer -Properties * -Filter {LastLogonDate -gt $cutoffdate} ` | Select Name,OperatingSystem,OperatingSystemVersion, ` LastLogonDate,CanonicalName | Export-Csv ./ActiveComputers.csv
Download the script here: ListActiveComputers.ps1
Sory to say LastLoginDate did not show the last time, when computer account was modified you have to use Modified see my article http://faqwiki.blogspot.com/2013/03/powershell-script-ps1-to-show-inactive.html Anyway thanks for script I remade it for my needs
Gior – It’s actually PasswordLastSet, sorry to say you are wrong also.
But you can still have an active computer that hasn’t been logged into in a long time… such as a Domain Controller or some other application machine. It may post or serve data that otherwise wouldn’t ever need to actually be logged into (with maybe the exception of it being setup and/or configured)… thus being missed by this report.
The only real way is to generate your report on ALL computers in AD and sequentially look them up in DNS, PING (although firewalls may prevent PING), or something other active query/response mechanism. AD isn’t going to be able to tell you if it’s active… only display properties (attributes) that were recorded the last time it was queried.