Can I modify this script to search for a single AD computer?

This topic contains 2 replies, has 2 voices, and was last updated by  Barry Thomson 3 years, 8 months ago.

  • Author
    Posts
  • #12029

    Barry Thomson
    Participant

    Hello,

    I'm wondering if it's possible to modify this script to allow for user input of a single computer to look up?

    Thanks

    Add-PSSnapin Quest.ActiveRoles.ADManagement
    $dcs = Get-QADComputer -ComputerRole DomainController

    foreach($dc in $dcs){

    Get-ADComputer $dc.Name -Properties lastlogontimestamp |
    Select-Object @{n="Computer";e={$_.Name}}, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}
    }

    
    
    		
    	
  • #12035

    Joakim Svendsen
    Participant

    This doesn't make sense for a number of reasons. This checks the LastLogonTimestamp (which is synchronized, albeit delayed by, or accurate within, 9-14 days or whatever it is) of each DC itself (passed as "$dc.Name" to Get-ADComputer) and outputs objects with each DC's name and its LastLogonTimestamp. So, what exactly are you trying to do? It seems like you really want to check the non-synchronized LastLogon timestamp on each DC? For a computer object? Guessing, you might want to check the LastLogon or LastLogonTimestamp on one or more domain controllers for some given computer.

    Anyway, if you want "user input of a single computer to look up", and I guess that you want to check it for each DC (rather than checking the actual DCs...), something like this will do (should be v2-compatible):

    PS C:\temp> add-pssnapin quest.activeroles.admanagement
    PS C:\temp> $dcs = Get-QADComputer -ComputerRole DomainController
    PS C:\temp> $dcs | select -exp Name
    2008R2ESXI2
    2008R2ESXI
    PS C:\temp> $CheckThisOne = Read-Host -Prompt 'Enter computer name to check last logon for'
    Enter computer name to check last logon for: vista64esxi
    

    Then something like this:

    PS C:\temp> @( foreach ($dc in $dcs) {
        Get-ADComputer -Server $dc.Name -Properties LastLogon, LastLogonTimestamp -Identity $CheckThisOne |
             Select @{n='ComputerName';e={$CheckThisOne}}, @{n='DC';e={$dc.Name}}, @{n='LastLogon';e={[datetime]::FromFileTime($_.LastLogon)}}, @{n='LastLogonTimestamp';e={[datetime]::FromFileTime($_.LastLogonTimestamp)}}
    } ) | Format-Table -AutoSize
    
    ComputerName DC          LastLogon             LastLogonTimestamp
    ------------ --          ---------             ------------------
    vista64esxi  2008R2ESXI2 12/19/2013 2:29:48 AM 12/14/2013 6:29:48 PM
    vista64esxi  2008R2ESXI  12/19/2013 7:29:48 AM 12/14/2013 6:29:48 PM
    

    There you can see that the LastLogonTimestamp is identical for both (as it should be), and that it's off by a bit (ca. 5 days) compared to the actual last computer authentication date.

    Good luck and happy holidays.

  • #12046

    Barry Thomson
    Participant

    This has helped me a ton. Thank you, kind Sir.

    Thanks

You must be logged in to reply to this topic.