# AD-ComputerLastLogon

PowerShell script to check when a computer last authenticated to the Active Directory domain.

## Requirements

- Windows PowerShell 5.1 or PowerShell 7+
- Active Directory PowerShell module (RSAT)
- Run on a Domain Controller or machine with AD connectivity

## Usage

### Interactive Mode
```powershell
.\Get-ComputerLastLogon.ps1
# You will be prompted to enter a computer name
```

### With Parameter
```powershell
.\Get-ComputerLastLogon.ps1 -ComputerName "WORKSTATION01"
```

## Output

The script displays:

| Field | Description |
|-------|-------------|
| **Last Logon (Replicated)** | `LastLogonTimestamp` - replicated across DCs, updated ~every 14 days |
| **Last Logon (This DC)** | `LastLogon` - specific to the DC you're querying, not replicated |
| **Days Since Last Logon** | Calculated from the replicated timestamp |
| **Account Enabled** | Whether the computer account is enabled |
| **Operating System** | OS name and version |
| **Created** | When the computer account was created |
| **Description** | AD description field |
| **DN** | Distinguished Name (full AD path) |

## Notes

- **LastLogonTimestamp** is the more reliable field for determining if a computer is active, as it's replicated between all DCs
- **LastLogon** only reflects activity on the specific DC you're querying
- The replicated timestamp is only updated approximately every 14 days to reduce replication traffic