#Requires -Modules ActiveDirectory
<#
.SYNOPSIS
    Checks the last time a computer authenticated to the domain.

.DESCRIPTION
    Queries Active Directory for a computer's last logon information,
    including LastLogonTimestamp (replicated) and LastLogon (DC-specific).

.PARAMETER ComputerName
    The name of the computer to check. Can be provided as a parameter or entered interactively.

.EXAMPLE
    .\Get-ComputerLastLogon.ps1 -ComputerName "WORKSTATION01"

.EXAMPLE
    .\Get-ComputerLastLogon.ps1
    (Will prompt for computer name)

.NOTES
    Must be run on a Domain Controller or a machine with RSAT AD tools installed.
    LastLogonTimestamp is replicated between DCs (updated every ~14 days).
    LastLogon is DC-specific and not replicated.
#>

[CmdletBinding()]
param(
    [Parameter(Position = 0)]
    [string]$ComputerName
)

if ([string]::IsNullOrWhiteSpace($ComputerName)) {
    $ComputerName = Read-Host "Enter computer name"
}

$ComputerName = $ComputerName.Trim().ToUpper() -replace '\$$', ''

try {
    $Computer = Get-ADComputer -Identity $ComputerName -Properties `
        LastLogonTimestamp, LastLogon, OperatingSystem, OperatingSystemVersion, `
        Created, Enabled, Description, DistinguishedName -ErrorAction Stop

    $LastLogonTimestamp = if ($Computer.LastLogonTimestamp) {
        [DateTime]::FromFileTime($Computer.LastLogonTimestamp)
    } else { "Never" }

    $LastLogon = if ($Computer.LastLogon -and $Computer.LastLogon -gt 0) {
        [DateTime]::FromFileTime($Computer.LastLogon)
    } else { "Never (on this DC)" }

    $DaysSinceLogon = if ($LastLogonTimestamp -ne "Never") {
        [math]::Round((New-TimeSpan -Start $LastLogonTimestamp -End (Get-Date)).TotalDays, 1)
    } else { "N/A" }

    Write-Host "`n===== Computer: $($Computer.Name) =====" -ForegroundColor Cyan
    Write-Host ""
    Write-Host "Last Logon (Replicated):  " -NoNewline -ForegroundColor Yellow
    Write-Host "$LastLogonTimestamp"
    Write-Host "Last Logon (This DC):     " -NoNewline -ForegroundColor Yellow
    Write-Host "$LastLogon"
    Write-Host "Days Since Last Logon:    " -NoNewline -ForegroundColor Yellow
    Write-Host "$DaysSinceLogon"
    Write-Host ""
    Write-Host "Account Enabled:          $($Computer.Enabled)"
    Write-Host "Operating System:         $($Computer.OperatingSystem) $($Computer.OperatingSystemVersion)"
    Write-Host "Created:                  $($Computer.Created)"
    Write-Host "Description:              $($Computer.Description)"
    Write-Host "DN:                       $($Computer.DistinguishedName)"
    Write-Host ""

} catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    Write-Host "`nError: Computer '$ComputerName' not found in Active Directory." -ForegroundColor Red
} catch {
    Write-Host "`nError: $($_.Exception.Message)" -ForegroundColor Red
}