# AD-ComputerLastLogon

PowerShell script to check when a computer last authenticated to the Active Directory domain.

## Requirements

- Windows PowerShell 5.1 or PowerShell 7+
- Active Directory PowerShell module (RSAT)
- Run on a Domain Controller or machine with AD connectivity

## Usage

### Interactive Mode

```powershell
.\Get-ComputerLastLogon.ps1
# You will be prompted to enter a computer name
```

### With Parameter

```powershell
.\Get-ComputerLastLogon.ps1 -ComputerName "WORKSTATION01"
```

## Output

The script displays:

| Field | Description |
|-------|-------------|
| **Last Logon (Replicated)** | `LastLogonTimestamp` - replicated across DCs, updated ~every 14 days |
| **Last Logon (This DC)** | `LastLogon` - specific to the DC you're querying, not replicated |
| **Days Since Last Logon** | Calculated from the replicated timestamp |
| **Account Enabled** | Whether the computer account is enabled |
| **Operating System** | OS name and version |
| **Created** | When the computer account was created |
| **Description** | AD description field |
| **DN** | Distinguished Name (full AD path) |

## Notes

- **LastLogonTimestamp** is the more reliable field for determining if a computer is active, as it's replicated between all DCs
- **LastLogon** only reflects activity on the specific DC you're querying
- The replicated timestamp is only updated approximately every 14 days to reduce replication traffic
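
The difference between the two attributes described in the notes above, shown as an added example that is not part of `Get-ComputerLastLogon.ps1`: it asks every domain controller for its own non-replicated `lastLogon`, reads the replicated `lastLogonTimestamp` alongside it, and reports the newest value found. The function names `ConvertFrom-AdFileTime` and `Get-ComputerLogonAcrossDCs` are hypothetical; the cmdlets come from the ActiveDirectory module listed under Requirements.

```powershell
# Added example, not part of Get-ComputerLastLogon.ps1.
# Function names are hypothetical; requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function ConvertFrom-AdFileTime {
    param([AllowNull()][object]$Value)
    # Both attributes are FILETIME values (100-ns ticks since 1601-01-01 UTC).
    # Empty or 0 means the attribute was never set on this DC.
    if (-not $Value -or [int64]$Value -le 0) { return $null }
    [DateTime]::FromFileTimeUtc([int64]$Value)
}

function Get-ComputerLogonAcrossDCs {
    param([Parameter(Mandatory)][string]$ComputerName)

    # lastLogon is not replicated, so ask every DC for its own copy.
    $rows = @(foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $c = Get-ADComputer -Identity $ComputerName -Server $dc.HostName `
                -Properties lastLogon, lastLogonTimestamp -ErrorAction Stop
            [pscustomobject]@{
                DC                 = $dc.HostName
                LastLogon          = ConvertFrom-AdFileTime $c.lastLogon
                LastLogonTimestamp = ConvertFrom-AdFileTime $c.lastLogonTimestamp
            }
        } catch {
            # An unreachable DC must not hide results from the others.
            Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
        }
    })

    # Newest value seen anywhere, from either attribute (nulls are dropped).
    $latest = @($rows.LastLogon) + @($rows.LastLogonTimestamp) |
        Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

    [pscustomobject]@{
        ComputerName    = $ComputerName
        DCsAnswered     = $rows.Count
        MostRecentLogon = $latest   # UTC; $null if no DC has a logon recorded
        DaysSinceLogon  = if ($latest) { [math]::Floor(([DateTime]::UtcNow - $latest).TotalDays) }
        PerDC           = $rows
    }
}

# 'WORKSTATION01' is the sample name from the Usage section.
Get-ComputerLogonAcrossDCs -ComputerName 'WORKSTATION01' | Format-List
```

A per-DC `LastLogon` that is newer than `LastLogonTimestamp` is expected, because the replicated value is only refreshed approximately every 14 days.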