-1

I am looking to run a PowerShell report against Active Directory to find all Windows 7 pcs that have logged on in the past 90 days.

I often use this report with Quest to cleanup AD and this is the exact detail I'm looking for in order to find active Windows 7 pcs which I can then easily filter through for audit.

Get-QADComputer -InactiveFor 90 | export-csv -path c:\deadclients.csv

Can anyone tell me how I can modify this command?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
user2776281
  • 9
  • 1
  • 2
  • 5
  • Can you clarify your question a little bit? Why can't you use the command you included in your question? – aphoria Oct 01 '14 at 16:27
  • You want to _modify this command_ but you dont explain what you want or to what extent. – Matt Oct 01 '14 at 16:28

2 Answers2

0

I think he is asking for the opposite version of what this command does (it returns computers older than 90 days, he wants the ones more recent).

I am not familiar with the quest cmdlets, but here is how you would do it using the native AD cmdlets. You can probably see what I am doing and adjust it to your needs if you still want to use the quest stuff...

get-adcomputer -filter * -prop LastLogonDate | ? {$_.LastLogonDate -gt (Get-Date).AddDays(-104)} | select name,lastlogondate

One thing you will want to note is that the lastlogondate property is not accurate and can be up to 14 days behind the current date even if the computer has been logged on more recently than that so you will want to consider adjusting your search parameter as a result. I changed it to 104 in this case.

Here is an article explaining the property and why it lags behind the actual last logon of a device:

http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

Edit: Updated answer - 

$date = (get-date).AddDays(-104)
get-adcomputer -filter { LastLogonDate -gt $date -and OperatingSystem -like "Windows 7*"} -prop LastLogonDate,OperatingSystem | 
select name,lastlogondate,OperatingSystem,distinguishedname
Noah Sparks
  • 1,710
  • 13
  • 14
  • 1
    I would strongly recommend changing that to filter at the provider. `-Filter { LastLogonDate -gt (get-date).AddDays(-104) }`. Then removing the `?{...}` portion. Filtering at the provider level is faster than getting all results (in this case every computer object in AD), and then making PowerShell filter all the results. – TheMadTechnician Oct 01 '14 at 20:56
  • Yes it is the opposite I need to do from the command I have. Noah this one is what I need but is there a way to only show Windows 7 and the AD container the pc is in? – user2776281 Oct 02 '14 at 09:13
  • @TheMad - Fair point, the syntax needs to be a little different but it is more efficient...out of curiosity I measured it against filtering later and in our environment with 9016 computer objects filtering at the provider was 3 seconds faster. – Noah Sparks Oct 02 '14 at 13:38
0

I was able to use the script from this site to Find Windows XP Computers Still Alive in Your Active Directory Domain and modified it to Windows 7.

Within Excel I then filtered the computers by the Last Logon Timestamp.

user2776281
  • 9
  • 1
  • 2
  • 5