Add Get-ComputerLastLogon.ps1 script

2026-01-19 13:20:08 +11:00
commit 947ad70409
1 changed files with 75 additions and 0 deletions
--- a/Get-ComputerLastLogon.ps1
+++ b/Get-ComputerLastLogon.ps1
@@ -0,0 +1,75 @@
+#Requires -Modules ActiveDirectory
+<#
+.SYNOPSIS
+    Checks the last time a computer authenticated to the domain.
+
+.DESCRIPTION
+    Queries Active Directory for a computer's last logon information,
+    including LastLogonTimestamp (replicated) and LastLogon (DC-specific).
+
+.PARAMETER ComputerName
+    The name of the computer to check. Can be provided as a parameter or entered interactively.
+
+.EXAMPLE
+    .\Get-ComputerLastLogon.ps1 -ComputerName "WORKSTATION01"
+
+.EXAMPLE
+    .\Get-ComputerLastLogon.ps1
+    (Will prompt for computer name)
+
+.NOTES
+    Must be run on a Domain Controller or a machine with RSAT AD tools installed.
+    LastLogonTimestamp is replicated between DCs (updated every ~14 days).
+    LastLogon is DC-specific and not replicated.
+#>
+
+[CmdletBinding()]
+param(
+    [Parameter(Position = 0)]
+    [string]$ComputerName
+)
+
+if ([string]::IsNullOrWhiteSpace($ComputerName)) {
+    $ComputerName = Read-Host "Enter computer name"
+}
+
+$ComputerName = $ComputerName.Trim().ToUpper() -replace '\$$', ''
+
+try {
+    $Computer = Get-ADComputer -Identity $ComputerName -Properties `
+        LastLogonTimestamp, LastLogon, OperatingSystem, OperatingSystemVersion, `
+        Created, Enabled, Description, DistinguishedName -ErrorAction Stop
+
+    $LastLogonTimestamp = if ($Computer.LastLogonTimestamp) {
+        [DateTime]::FromFileTime($Computer.LastLogonTimestamp)
+    } else { "Never" }
+
+    $LastLogon = if ($Computer.LastLogon -and $Computer.LastLogon -gt 0) {
+        [DateTime]::FromFileTime($Computer.LastLogon)
+    } else { "Never (on this DC)" }
+
+    $DaysSinceLogon = if ($LastLogonTimestamp -ne "Never") {
+        [math]::Round((New-TimeSpan -Start $LastLogonTimestamp -End (Get-Date)).TotalDays, 1)
+    } else { "N/A" }
+
+    Write-Host "`n===== Computer: $($Computer.Name) =====" -ForegroundColor Cyan
+    Write-Host ""
+    Write-Host "Last Logon (Replicated):  " -NoNewline -ForegroundColor Yellow
+    Write-Host "$LastLogonTimestamp"
+    Write-Host "Last Logon (This DC):     " -NoNewline -ForegroundColor Yellow
+    Write-Host "$LastLogon"
+    Write-Host "Days Since Last Logon:    " -NoNewline -ForegroundColor Yellow
+    Write-Host "$DaysSinceLogon"
+    Write-Host ""
+    Write-Host "Account Enabled:          $($Computer.Enabled)"
+    Write-Host "Operating System:         $($Computer.OperatingSystem) $($Computer.OperatingSystemVersion)"
+    Write-Host "Created:                  $($Computer.Created)"
+    Write-Host "Description:              $($Computer.Description)"
+    Write-Host "DN:                       $($Computer.DistinguishedName)"
+    Write-Host ""
+
+} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
+    Write-Host "`nError: Computer '$ComputerName' not found in Active Directory." -ForegroundColor Red
+} catch {
+    Write-Host "`nError: $($_.Exception.Message)" -ForegroundColor Red
+}