Computer LastLogon Timestamp 1

[windowsfan]

How can I query AD for computer which are outdated? (not logged in since last 90 days). I have more than 500 computer out dated and need to delete them. Whats the best way to fiugure out which one to delte.

Does computer have lastlogontimes stamp like user has?

How often does it replicate to all other domain?

 

[SDPT]

here is a svbs script to find users,

change it to computers:


On Error Resume Next

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
"<LDAP://dc=fabrikam,dc=com>;" & _
"(&(objectCategory=Computer)(userAccountControl:1.2.840.113556.1.4.803:=65536));" & _
"Name;Subtree"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop

_________________________________
IBM CP, MCP, (Cientist, partime)

http://good-times.webshots.com/photo/2761403060074648262gLrhkV?vhost=good-times

 

[djtech2k]

Computer objects do not have lastlogontimestamp. Users have lastlogontimestamp and lastlogon.

Honestly, the easiest way to find old computers it to use a utility called oldcomp.

http://joeware.net/win/free/tools/oldcmp.htm

It is a commamd-line tool and works very well.

It can be done in vbscript as well as I have done it, but that utility is quicker, easier, and gives you many options to tweak your output and output type.

 

[SDPT]

he is right no lastlogontimestamp, but there is a ModifytimeStamp and lastlogon...

_________________________________
IBM CP, MCP, (Cientist, partime)

http://good-times.webshots.com/photo/2761403060074648262gLrhkV?vhost=good-times

 

[windowsfan]

Thanks everyone for quick reply.

 

[Titleist]

windowsfan,

Running "dsquery computer -inactive 12" from a command window on your DC will output all pc's that haven't logged into the domain in the last 12 weeks (90 days).

dsquery /?

John

 

[windowsfan]

SDPT,
How can I query from AD console for computer with lastlogon ?

 

[windowsfan]

SDPT,
is there a way to run query in AD console and find all computer account which are not active since last 90 days?
or
what change I can make to your script so that I can disable all incactive account.

I would really like to know how to query modiftimeystamp from AD?

 

[djtech2k]

Ok, you CAN do this in ADUC with an LDAP query BUT it will require multiple steps. If you do it with an external utility or vbscript, you could do it in 1 step. That is more complex, so I will address it last.

Step1 - Create an LDAP Query in ADUC. Use this code as the custom query string:

(&(&(objectCategory=Computer)(lastLogonTimeStamp<=127835245190000000)(!userAccountControl:1.2.840.113556.1.4.803:=2)))

This is a search string for LDAP. The thing is thought that you will need to change the value "127835245190000000" to the right value each time you runt he query. That value is a measurement of nanoseconds since a date...something like 1-1-1601. Since that value changes every second, you will have to get the value for the value that is good for 60 days back, then put it in the value for the query.

So now, I will give you a vbscript code to get that value to use:

Dim dtmDate, dbl100NanoSecs
Const MAXIMUM_PASSWORD_AGE = 60

dtmDate = DateAdd("d", -MAXIMUM_PASSWORD_AGE, Now())
dbl100NanoSecs = 10000000 * (DateDiff("s", "1/1/1601", dtmDate))
dbl100NanoSecs = FormatNumber(dbl100NanoSecs, 0, False, False ,0)

WScript.Echo ("Value for query = " & dbl100NanoSecs)

So in the end after you have created the query the first time, you will run the vbscript and get that number value, then put it in the query after the "<=" replacing the number that is there now. Then run the query in ADUC.

You could do this all in a vbscript if you want. Then to go further, you could assign that vbscript on the right-click context menu in ADUC to force it to run. That is much more complex than the ADUC query or just running a vbscript.

 

[windowsfan]

I tried
(&(&(objectCategory=Computer)(lastLogonTimeStamp<=127835245190000000)(!userAccountControl:1.2.840.113556.1.4.803:=2)))

but it's giving me error. Not a valid query string. Am I missing any quote? I used the one from your previous post.

 

[djtech2k]

In my post I said that you have to run the vbscript to get the right number to use. The number then needs to go after the "<=" portion. Its the measurement that finds 60 days back.

 

[windowsfan]

That worked but do I need to generate that number every time I run that query?
How this is working, can you please explain? I would really like to know and just dont run your code blindly. It's working great. I changed 60 to 90 in the script to look for inactive computer since last 90 days.

 

[djtech2k]

Yes you have to run that date calculation every time for the script. Thats what I as trying to explain. If you do this in the ADUC console, you will have to do this. If you do it from a vbscript or other script, you can have it run the calculation on the fly. The vbscript I gave you just determines how many nanoseconds have passed since 1-1-1601. Thats the number you put in the LDAP query. The LDAP query checks the lastlogontimestamp for things that are less than or equal to that value.

 

[windowsfan]

Thanks for the detailed explaination!

 

[djtech2k]

No problem. Glad I could help.