|
|
 FAQ
 Search
 Memberlist
 Usergroups
 Register
 Profile
 Private messages
 Log in
|
|
| Author |
Message |
thecomputerguy74
Guest
|
 Posted: Tue Jul 03, 2007 1:59 pm Post subject: How to find out when computer was last seen by AD |
 |
|
I am trying to determine when a computer was last seen by AD. We are
running Windows Server 2003. I have tried to search for it, but I
have not been able to find anything. I am not sure what attributes
are involved. I would prefer to use command line tools, or scripting
if necessary, but I am hoping that I would not have to purchase
another utility, because I don't think that would fly. If anyone has
any suggestions on how to do this, or where I can find out how to do
this, your help would be greatly appreciate it.
thecomputerguy74 |
|
| Back to top |
|
 |
|
|
Richard Mueller [MVP]
Guest
|
| Posted: Tue Jul 03, 2007 1:59 pm Post subject: Re: How to find out when computer was last seen by AD |
|
|
thecomputerguy74 wrote:
| Quote: | I am trying to determine when a computer was last seen by AD. We are
running Windows Server 2003. I have tried to search for it, but I
have not been able to find anything. I am not sure what attributes
are involved. I would prefer to use command line tools, or scripting
if necessary, but I am hoping that I would not have to purchase
another utility, because I don't think that would fly. If anyone has
any suggestions on how to do this, or where I can find out how to do
this, your help would be greatly appreciate it.
|
The lastLogon attribute represents the last time the computer authenticated
to the domain. However, this attribute is not replicated so a different
value is saved on each DC. You would need to query every DC in the domain to
find the largest (latest) value. Also, the datatype is Integer8, which is a
64-bit number, which requires special code to convert to a date in your time
zone. The pwdLastSet attribute is another Integer8 attribute representing
the last time the password for the computer account was changed. By default,
the system resets the password every 30 days. If the date corresponding to
pwdLastSet is 60 days in the past, for example, you know the computer has
not authenticated to the domain for between 30 and 60 days.
Joe Richards' free oldcmp command line utility can be used to find old
computer accounts. See this link:
http://www.joeware.net/win/free/tools/oldcmp.htm
I have an example VBScript program that retrieves the pwdLastSet date for
all users linked here:
http://www.rlmueller.net/PwdLastChanged.htm
The program can be easily modified to retrieve the pwdLastSet date for all
computers. The modification is commented in the code. I also have an example
program that retrieves the lastLogon date for all users linked here:
http://www.rlmueller.net/Last%20Logon.htm
This program can also be modified to retrieve the dates for computers
instead of users. The following statement:
strFilter = "(&(objectCategory=person)(objectClass=user))"
would be changed to:
strFilter = "(objectCategory=computer)"
This program queries every DC in the domain and keeps track of the lastLogon
date for each object in a dictionary object, so it might take awhile to
complete.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
-- |
|
| Back to top |
|
|
|
|
