After a successful Active Directory migration, the old domain will eventually need to be shut down.
Before you can go ahead you need to find out if there are still any active computers left on the old domain.
A small PowerShell script will help you to find active computer objects.
Find active computer objects with LastLogonTimeStamp
If you want to find active computer objects, the attribute LastLogonTimeStamp is essential. A computer updates it automatically when the value stored in its computer object is older than 9 to 14 days. In an LDAP filter, however, the attribute is not a date but the number of 100-nanosecond intervals since January 1, 1601 (the Windows file time format). So, the following workaround is required:
Convert DateTime::FromFileTime
Using the static method FromFileTime of the [DateTime] class you convert the LastLogonTimeStamp (100-nanosecond intervals since January 1, 1601) into a DateTime value as follows:

# lastlogontimestamp is a 64-bit file time; FromFileTime returns the local DateTime
$lastlogon = [datetime]::FromFileTime($comp.lastlogontimestamp)
Include in LDAP filter
For querying LastLogonTimeStamp in an LDAP filter we first have to calculate the time stamp. In this example we query all computer objects that logged on during the previous six months (~182 days).

$DaysInactive = 182
# Threshold as a file time, the same representation lastLogonTimeStamp uses
$LDAPcheckdate = (Get-Date).AddDays(-($DaysInactive)).ToFileTime()
Using “.ToFileTime()” converts the date to the same format as the LastLogonTimeStamp, so the value can now be used in an LDAP filter. To be able to pass it as a parameter to commands such as Find-LdapObject, you first store the filter in a variable $LDAPQuery.

# ">=" matches every computer whose time stamp is newer than the threshold;
# a plain "=" would only match an exact tick value
$LDAPQuery = '(&(objectClass=computer)(lastLogonTimeStamp>=' + $LDAPcheckdate + '))'
$ActiveComp = Find-LdapObject -SearchFilter:$LDAPQuery
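The complete procedure from the three steps above (calculate the file time, build the filter, run the query, convert the results back to dates) as one runnable script. This is an added example and not the article's own code: it uses the .NET DirectorySearcher that ships with Windows instead of Find-LdapObject, so no extra module is required, and the search base DC=olddomain,DC=local is an assumed placeholder you must replace with your domain.

```powershell
# Added example (not from the original article): list computer objects that have
# logged on within the last $DaysInactive days using the built-in DirectorySearcher.
param(
    [int]$DaysInactive = 182,
    # Assumed placeholder; replace with the distinguished name of your old domain
    [string]$SearchBase = 'LDAP://DC=olddomain,DC=local'
)

# Threshold as a Windows file time (100-ns intervals since 1601-01-01), the same
# representation lastLogonTimeStamp uses, so the comparison happens server-side.
$checkDate = (Get-Date).AddDays(-$DaysInactive).ToFileTime()

# ">=" is required: an "=" match would only return computers whose time stamp
# equals this exact tick value.
$ldapFilter = "(&(objectClass=computer)(objectCategory=computer)(lastLogonTimeStamp>=$checkDate))"

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]$SearchBase
$searcher.Filter     = $ldapFilter
$searcher.PageSize   = 1000    # enable paging; without it a DC returns at most 1000 objects
$searcher.PropertiesToLoad.AddRange([string[]]@('name', 'lastLogonTimeStamp', 'operatingSystem'))

# Returns the first value of an attribute or $null when the object lacks it
function Get-FirstValue($result, [string]$attribute) {
    return @($result.Properties[$attribute])[0]
}

$results = $searcher.FindAll()
try {
    $activeComputers = foreach ($r in $results) {
        $ticks = [int64](Get-FirstValue $r 'lastlogontimestamp')
        [pscustomobject]@{
            Name            = [string](Get-FirstValue $r 'name')
            OperatingSystem = [string](Get-FirstValue $r 'operatingsystem')
            # Convert the file time back into a readable local DateTime
            LastLogon       = [datetime]::FromFileTime($ticks)
        }
    }
}
finally {
    $results.Dispose()
}

$activeComputers | Sort-Object LastLogon -Descending | Format-Table -AutoSize
Write-Host ("{0} computer(s) logged on within the last {1} days." -f @($activeComputers).Count, $DaysInactive)
```

Two caveats worth keeping in mind when you act on the output: because the attribute is only refreshed when it is 9 to 14 days old, a threshold much shorter than that is unreliable, and a computer that has never logged on has no lastLogonTimeStamp at all and therefore never matches a ">=" filter, so such objects must be reviewed separately before the old domain is shut down.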
Summary
In summary, the benefit of this method is that the queries run very quickly. In my current example scenario there are more than 16,000 computer objects on the domain. So, if I first retrieve all computers via an LDAP query and analyze the LastLogonTimeStamp afterwards, it takes around 10 minutes.
However, if you calculate the threshold first and use that value in the LDAP query, the query time drops significantly to just a few seconds, because only the 30 active computers that remain are returned.
Further articles:
LDAP Search with PowerShell – Find-LdapObject
LastLogonTimeStamp vs. msDSLastSuccessfulInteractiveLogonTime