rss logo

List Inactive Computers and Users in an Active Directory Domain

PowerShell logo

Intro

Over time, in an Active Directory, it becomes inevitable to end up with parasitic computers and users objects. By parasites, I simply mean that they are no longer used in the company (computers and/or users physically destroyed, stolen, lost, gone etc…).

In this case, it may be worth cleaning up our Active Directory, but the question is: how do we get a list of computers and users no longer in use in an AD domain?

The aim of this article is to show yo how to obtain a list of computers and/or users who have not logged on to the domain for a predefined number of days, using PowerShell.

Get the list of AD users or computers

The first thing you need to know is how to obtain a list of AD users or computers.

  • From a Domain Controller, open a Windows PowerShell console with administrator rights:
PowerShell | Open PowerShell Console as administrator

List Computers

  • Enter this command to get all computers:
PS C:\ > (Get-ADComputer -Filter '*').Name
  • Enter this command to get all computers whose name begins with PC:
PS C:\ > (Get-ADComputer -Filter 'Name -Like "PC*"').Name
  • Example:
PowerShell | get computers name

List Users

  • Enter this command to get all the users:
PS C:\ > (Get-ADUser -Filter '*').SamAccountName
  • Example:
PowerShell | get users name

Get AD Users or Computers LastLogon

  • To find out when the object was last seen, we'll use the LastLogonTimeStamp property:
PS C:\ > $user = "e.cartman"
PS C:\ > Get-ADUser "$user" -Properties LastLogonTimeStamp
  • Example:
PowerShell | Get-ADUser and Get-ADComputer output
  • As we can see, we can't use the raw information retrieved. We need to use [DateTime]::FromFileTime to convert them into a human-readable format:
PS C:\ > [DateTime]::FromFileTime((Get-ADUser "$user" -Properties LastLogonTimeStamp).LastLogonTimeStamp)
  • Which is better:
PowerShell | Print LastLogon date

Application

We now have everything we need to compile a list of our computers or users.

  • Let's say we want a list of Computers that haven't been seen in 120 days:
PS C:\ > $days = 120
PS C:\ > Get-ADComputer -Filter '*' -Properties LastLogonTimeStamp | where { ($(Get-Date)-[DateTime]::FromFileTime($_.LastLogonTimeStamp)).Days -gt $days } | Select-Object Name
PowerShell | List old computers objects
  • Let's say we want a list of Users that haven't been seen in 120 days:
PS C:\ > $days = 120
PS C:\ > Get-ADUser -Filter '*' -Properties LastLogonTimeStamp | where { ($(Get-Date)-[DateTime]::FromFileTime($_.LastLogonTimeStamp)).Days -gt $days } | Select-Object Name
PowerShell | List old users account

References