After a successful Active Directory migration, the old domain will eventually need to be shut down.
Before you can go ahead you need to find out if there are still any active computers left on the old domain.
A small PowerShell script will help you to find active computer objects.
Find active computer objects with LastLogonTimeStamp
If you want to find active computer objects, the attribute LastLogonTimeStamp is essential. Computers update it automatically if the value saved in the computer object on the domain is older than 9 to 14 days. However, when you use LastLogonTimeStamp in an LDAP filter, the value is the number of 100-nanosecond intervals since January 1, 1601. So, the following workaround is required:
By using ::FromFileTime of the class [DateTime], you convert the LastLogonTimeStamp (the number of 100-nanosecond intervals since January 1, 1601) into a date format as follows:
Include in LDAP filter
For querying LastLogonTimeStamp in an LDAP filter we first have to calculate the time stamp. In this example we query all computer objects that logged in during the previous six months (~182 days).
$DaysInactive = 182
$LDAPcheckdate = (Get-Date).AddDays(-$DaysInactive).ToFileTime()
Using .ToFileTime() changes the date to the same format as the LastLogonTimeStamp. Now you can use this value in an LDAP filter. To be able to use it as a parameter for commands such as Find-LdapObject, first store the filter in the variable $ldapQuery.
# >= matches only computers whose LastLogonTimeStamp is at or after the calculated date
$ldapQuery = '(&(objectClass=computer)(lastLogonTimeStamp>=' + $LDAPcheckdate + '))'
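The steps above combined into one script, as an added example that is not the author's own code: it builds the filter, runs it with the built-in [adsisearcher] accelerator instead of Find-LdapObject, and converts each LastLogonTimeStamp back with [DateTime]::FromFileTime. The function names, the constructed date in the offline check and the search root placeholder are assumptions.

```powershell
# Added example. $DaysInactive = 182 comes from the article; function names are hypothetical.
function Get-ActiveComputerFilter {
    param(
        [int]$DaysInactive = 182,
        [datetime]$Now = (Get-Date)
    )
    # ToFileTime() yields 100-ns intervals since 1601-01-01 (UTC),
    # the same unit that lastLogonTimeStamp is stored in.
    $cutoff = $Now.AddDays(-$DaysInactive).ToFileTime()
    "(&(objectClass=computer)(lastLogonTimeStamp>=$cutoff))"
}

function Find-ActiveComputer {
    param(
        [string]$SearchRoot,   # assumption, e.g. 'LDAP://DC=old,DC=example' (placeholder)
        [int]$DaysInactive = 182
    )
    $searcher = [adsisearcher](Get-ActiveComputerFilter -DaysInactive $DaysInactive)
    if ($SearchRoot) { $searcher.SearchRoot = [adsi]$SearchRoot }
    $searcher.PageSize = 1000   # paged search, so large domains are returned completely
    $searcher.PropertiesToLoad.AddRange([string[]]@('name', 'lastlogontimestamp'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $raw = [int64]$r.Properties['lastlogontimestamp'][0]
            [pscustomobject]@{
                Name      = [string]$r.Properties['name'][0]
                LastLogon = [DateTime]::FromFileTime($raw)   # back to a readable date
            }
        }
    }
    finally {
        $results.Dispose()   # release the unmanaged search handle
    }
}

# Offline check with a constructed date: the filter value converts back to the cutoff date.
$filter = Get-ActiveComputerFilter -DaysInactive 182 -Now ([datetime]'2024-07-01')
$value  = [int64]($filter -replace '\D+(\d+)\D+', '$1')
"{0}  ->  {1:yyyy-MM-dd}" -f $filter, [DateTime]::FromFileTime($value)

# On a machine joined to the old domain:
# Find-ActiveComputer | Sort-Object LastLogon -Descending
```

Computer objects that have never logged on carry no LastLogonTimeStamp and therefore never match this filter, so they have to be reviewed separately before the domain is shut down.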
In summary, the benefit of using this method is that the queries run very quickly. In my current example scenario there are more than 16,000 computer objects on the domain. So, if I search for all computers via an LDAP query first and analyze the LastLogonTimeStamp afterwards, it takes around 10 minutes.
However, if you calculate the LastLogonTimeStamp first and use the value in the LDAP query, you reduce the query time significantly to just a few seconds. The reason is that there are only 30 active computers left to be displayed.