Replace IPAddress column with DNSName (FQDN)

2026-02-02 10:47:17 +11:00
parent 6cb5bd6c96
commit 2aece2fab7
1 changed files with 33 additions and 26 deletions
--- a/Get-UserLastLogonComputer.ps1
+++ b/Get-UserLastLogonComputer.ps1
@@ -6,7 +6,7 @@
 .DESCRIPTION
    Queries Domain Controller security event logs for logon events (4624)
    to determine which computer each user last authenticated from.
-    Resolves IP addresses to computer names and looks up user display names.
+    Resolves IP addresses to DNS names and looks up user display names.

 .PARAMETER OutputPath
    Path for the output CSV file. Defaults to current directory.
@@ -64,38 +64,42 @@ Write-Host ""

 $StartDate = (Get-Date).AddDays(-$DaysBack)

-# Cache for IP to hostname resolution
-$IPCache = @{}
+# Cache for IP to DNS name resolution
+$DNSCache = @{}
 # Cache for user display names
 $UserCache = @{}

-function Resolve-IPToHostname {
+function Resolve-IPToDNSName {
    param([string]$IP)
    
    if ([string]::IsNullOrWhiteSpace($IP) -or $IP -eq '-' -or $IP -eq '::1' -or $IP -eq '127.0.0.1') {
-        return $null
+        return @{ Short = $null; FQDN = $null }
    }
    
-    if ($IPCache.ContainsKey($IP)) {
-        return $IPCache[$IP]
+    if ($DNSCache.ContainsKey($IP)) {
+        return $DNSCache[$IP]
    }
    
    try {
-        $hostname = [System.Net.Dns]::GetHostEntry($IP).HostName
-        $computerName = ($hostname -split '\.')[0].ToUpper()
-        $IPCache[$IP] = $computerName
-        return $computerName
+        # DNS reverse lookup returns FQDN
+        $fqdn = [System.Net.Dns]::GetHostEntry($IP).HostName
+        $shortName = ($fqdn -split '\.')[0].ToUpper()
+        $result = @{ Short = $shortName; FQDN = $fqdn.ToLower() }
+        $DNSCache[$IP] = $result
+        return $result
    } catch {
        try {
-            $computer = Get-ADComputer -Filter "IPv4Address -eq '$IP'" -Properties Name -ErrorAction SilentlyContinue
+            $computer = Get-ADComputer -Filter "IPv4Address -eq '$IP'" -Properties DNSHostName, Name -ErrorAction SilentlyContinue
            if ($computer) {
-                $IPCache[$IP] = $computer.Name
-                return $computer.Name
+                $result = @{ Short = $computer.Name; FQDN = if ($computer.DNSHostName) { $computer.DNSHostName.ToLower() } else { '' } }
+                $DNSCache[$IP] = $result
+                return $result
            }
        } catch {}
        
-        $IPCache[$IP] = $null
-        return $null
+        $result = @{ Short = $null; FQDN = $null }
+        $DNSCache[$IP] = $result
+        return $result
    }
 }

@@ -161,17 +165,20 @@ try {
        if ($Domain -in @('Window Manager', 'Font Driver Host', 'NT AUTHORITY')) { continue }
        if ([string]::IsNullOrWhiteSpace($Username)) { continue }

-        # Determine computer name
+        # Determine computer name and DNS name
        $Computer = $null
-        if (-not [string]::IsNullOrWhiteSpace($Workstation) -and $Workstation -ne '-') {
-            $Computer = $Workstation.ToUpper()
-        } elseif (-not $SkipIPResolve -and -not [string]::IsNullOrWhiteSpace($IPAddress)) {
-            $Computer = Resolve-IPToHostname -IP $IPAddress
+        $DNSName = ''
+        
+        if (-not $SkipIPResolve -and -not [string]::IsNullOrWhiteSpace($IPAddress) -and $IPAddress -ne '-') {
+            $resolved = Resolve-IPToDNSName -IP $IPAddress
+            if ($resolved.Short) { $Computer = $resolved.Short }
+            if ($resolved.FQDN) { $DNSName = $resolved.FQDN }
        }
        
+        # Fall back to WorkstationName if IP didn't resolve
        if ([string]::IsNullOrWhiteSpace($Computer)) {
-            if (-not [string]::IsNullOrWhiteSpace($IPAddress) -and $IPAddress -ne '-') {
-                $Computer = "[$IPAddress]"
+            if (-not [string]::IsNullOrWhiteSpace($Workstation) -and $Workstation -ne '-') {
+                $Computer = $Workstation.ToUpper()
            } else {
                $Computer = "Unknown"
            }
@@ -187,7 +194,7 @@ try {
                Username      = $Username
                DisplayName   = ''  # Will populate after
                Computer      = $Computer
-                IPAddress     = if ($IPAddress -and $IPAddress -ne '-') { $IPAddress } else { '' }
+                DNSName       = $DNSName
                LogonTime     = $LogonTime
                LogonType     = switch ($LogonType) {
                    2  { "Interactive" }
@@ -217,7 +224,7 @@ try {
    }

    # Export to CSV
-    $Results | Select-Object Domain, Username, DisplayName, Computer, IPAddress, LogonTime, LogonType | 
+    $Results | Select-Object Domain, Username, DisplayName, Computer, DNSName, LogonTime, LogonType | 
        Export-Csv -Path $CsvFile -NoTypeInformation -Encoding UTF8

    Write-Host "`n===== Results =====" -ForegroundColor Green
@@ -226,7 +233,7 @@ try {
    Write-Host ""

    # Display summary table
-    $Results | Format-Table Domain, Username, DisplayName, Computer, LogonTime, LogonType -AutoSize
+    $Results | Format-Table Domain, Username, DisplayName, Computer, DNSName, LogonTime, LogonType -AutoSize

 } catch [System.Exception] {
    if ($_.Exception.Message -match "No events were found") {