Find Inactive Computers in Active Directory with PowerShell

Keeping Active Directory clean helps you increase the security of your environment, reduce replication bandwidth if you have multiple sites in different countries, and manage your Active Directory users and computers more efficiently.

These are some of the basic advantages you can gain.

Unfortunately, if the company you work for has a lot of users and computers, this is not an easy task. I'm sure some of you deal with hundreds of users and computers in Active Directory across multiple Organizational Units.

What do you do then?

PowerShell can help with this task, and that is today's subject.

So how can you use PowerShell to find inactive computers?

You have multiple options, but today I will discuss one of them:

With the attribute LastLogonTimeStamp

Just a note: every time I publish an article with PowerShell commands, they will be added to Useful Powershell Commands, which you can use every day.

Let's start

With the attribute LastLogonTimeStamp

Before proceeding with the PowerShell script, a few words about the lastLogonTimestamp attribute. The purpose of the attribute is to help IT pros identify inactive objects in Active Directory. It is not designed for real-time logon information. lastLogonTimestamp will be 9-14 days behind the current state, as per "The LastLogonTimeStamp Attribute" – "What it was designed for and how it works" from Microsoft TechNet.

The attribute can be found on the computer object in Active Directory.

Right-click one of the computers. Go to the Attribute tab and scroll down to find it.

So let's start finding inactive computers in Active Directory.

  • First, open PowerShell and start with the command Get-ADComputer.
  • Type the following and press Enter. The command returns all the computers in Active Directory with the properties that you select, including lastlogontimestamp.

Get-ADComputer -Filter * -Properties Name,OperatingSystem,lastlogontimestamp

  • You will get a report like this.

  • As you can see, the report is not very helpful in this format.
  • Also, the attribute lastlogontimestamp returns an integer that does not look like a date.
  • I must make changes to get a report that helps me instead of confusing me.
  • So I will use the Select command, which lets me build the report with only the properties I want to read and convert the lastlogontimestamp number to a date.
  • So let's type

Get-ADComputer -Filter * -Properties Name,OperatingSystem,lastlogontimestamp | Select Name,OperatingSystem,@{N='lastlogontimestamp'; E={[DateTime]::FromFileTime($_.lastlogontimestamp)}}

  • This looks better, and I get only the info that I want.

  • Let's explain what I wrote in this command:
  • Get-ADComputer -Filter * = I use this command to retrieve computer properties from Active Directory. With -Filter you can limit which computers are retrieved. The * tells it to retrieve all of them.
  • -Properties = Selects which properties I want to display.
  • Select = As I wrote before, with this command I can format the report the way I want for better results.
  • @{N='lastlogontimestamp'; E={[DateTime]::FromFileTime($_.lastlogontimestamp)}} = Here I take advantage of a small PowerShell feature. We create a new property that converts the integer value of lastlogontimestamp to date-time format.

Now I can identify inactive computers in Active Directory and delete them.

What about environments that have 500 or 600 users?

I would have to export the report to Excel and then filter it by dates, and so on, and so on...

Let's do it an easier way.

  • I want to identify computers that have been inactive for more than 60 days.
  • You must choose the number of days based on your company's policies and structure.
  • But today let's try with 60 days.
  • To achieve this, specify a time condition as follows:
    $DaysInactive = 60
    $time = (Get-Date).Adddays(-($DaysInactive))
  • and the command will be

Get-ADComputer -Filter {lastlogontimestamp -lt $time} -Properties Name,OperatingSystem,lastlogontimestamp | Select Name,OperatingSystem,@{N='lastlogontimestamp'; E={[DateTime]::FromFileTime($_.lastlogontimestamp)}}

  • All the script together will be

$DaysInactive = 60
$time = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter {lastlogontimestamp -lt $time} -Properties Name,OperatingSystem,lastlogontimestamp | Select Name,OperatingSystem,@{N='lastlogontimestamp'; E={[DateTime]::FromFileTime($_.lastlogontimestamp)}}

  • What have we done?
  • $DaysInactive = 60 = We create a variable with the number 60.
  • $time = (Get-Date).Adddays(-($DaysInactive)) = I use Get-Date to take today's date and subtract 60 days with Adddays.
  • Then, in the command line, I use -Filter with lastlogontimestamp to retrieve only computers that have been inactive for more than 60 days.
  • And these are the results.
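The 60-day check above, as an added example that is not part of the original article and runs without a domain: it also handles computers whose lastlogontimestamp is empty (never logged on) and allows for the 9-14 day lag of the attribute. The function name Get-InactiveComputerReport, the -LagDays parameter, the status labels and the sample computers are assumptions made for illustration.

```powershell
# Added example, not from the original article. Function name, -LagDays,
# status labels and the sample computers below are hypothetical.
function Get-InactiveComputerReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject]$Computer,
        [int]$DaysInactive = 60,
        [int]$LagDays = 14   # lastLogonTimestamp can be 9-14 days behind
    )
    begin {
        $now     = Get-Date
        $soft    = $now.AddDays(-$DaysInactive)               # the article's $time
        $certain = $now.AddDays(-($DaysInactive + $LagDays))  # beyond the lag
    }
    process {
        $raw = $Computer.lastLogonTimestamp
        if (-not $raw) {
            # Null or 0: never logged on. FromFileTime(0) would show a bogus
            # date near year 1601, and "-lt $time" never matches an unset value.
            $last   = $null
            $status = 'NeverLoggedOn'
        } else {
            $last = [DateTime]::FromFileTime([int64]$raw)
            if     ($last -lt $certain) { $status = 'Inactive' }
            elseif ($last -lt $soft)    { $status = 'WithinLag' }
            else                        { $status = 'Active' }
        }
        [pscustomobject]@{
            Name            = $Computer.Name
            OperatingSystem = $Computer.OperatingSystem
            LastLogon       = $last
            Status          = $status
        }
    }
}

# Constructed sample input (name, days since last logon) so this runs offline.
$sample = foreach ($row in @(@('PC-OLD', 120), @('PC-EDGE', 65), @('PC-LIVE', 3))) {
    [pscustomobject]@{ Name = $row[0]; OperatingSystem = 'Windows 10 Pro'
                       lastLogonTimestamp = (Get-Date).AddDays(-$row[1]).ToFileTime() }
}
$sample += [pscustomobject]@{ Name = 'PC-NEW'; OperatingSystem = 'Windows 11 Pro'; lastLogonTimestamp = $null }

$sample | Get-InactiveComputerReport -DaysInactive 60 | Format-Table -AutoSize

# Against a domain, feed it the article's query instead of $sample:
# Get-ADComputer -Filter * -Properties OperatingSystem,lastLogonTimestamp |
#     Get-InactiveComputerReport | Export-Csv .\inactive.csv -NoTypeInformation
```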

 

I hope you find these PowerShell commands useful and that they reduce the time this task takes.

Have a nice weekend!

What other options do you have to identify inactive computers? Tell us your options in our comment system.
