1.4 KiB
1.4 KiB
AD-ComputerLastLogon
PowerShell script to check when a computer last authenticated to the Active Directory domain.
Requirements
- Windows PowerShell 5.1 or PowerShell 7+
- Active Directory PowerShell module (RSAT)
- Run on a Domain Controller or machine with AD connectivity
Usage
Interactive Mode
.\Get-ComputerLastLogon.ps1
# You will be prompted to enter a computer name
With Parameter
.\Get-ComputerLastLogon.ps1 -ComputerName "WORKSTATION01"
Output
The script displays:
| Field | Description |
|---|---|
| Last Logon (Replicated) | LastLogonTimestamp - replicated across DCs, updated ~every 14 days |
| Last Logon (This DC) | LastLogon - specific to the DC you're querying, not replicated |
| Days Since Last Logon | Calculated from the replicated timestamp |
| Account Enabled | Whether the computer account is enabled |
| Operating System | OS name and version |
| Created | When the computer account was created |
| Description | AD description field |
| DN | Distinguished Name (full AD path) |
Notes
- LastLogonTimestamp is the more reliable field for determining if a computer is active, as it's replicated between all DCs
- LastLogon only reflects activity on the specific DC you're querying
- The replicated timestamp is only updated approximately every 14 days to reduce replication traffic