Script for finding servers that are not logged on

This topic contains 2 replies, has 3 voices, and was last updated by Profile photo of Jeremy Murrah Jeremy Murrah 2 months, 3 weeks ago.

  • Author
    Posts
  • #60937
    Profile photo of pollux1
    pollux1
    Participant

    Hello! Could someone please help me with a script for finding servers that has not been accessed during the last 6 months?
    I must be able to exclude service users. There are so many servers in my company so we will figure this out. Appreciate any help.

  • #60939
    Profile photo of Daniel Krebs
    Daniel Krebs
    Participant

    Using the Search-ADAccount cmdlets which is part of the Active Directory PowerSHell module installed via the Remote Server Administration Tools you can discover inactive computer and user accounts.

    https://technet.microsoft.com/en-us/library/ee617247.aspx

    Import-Module ActiveDirectory
    
    # Generic call using defaults
    Search-ADAccount -AccountInactive -ComputersOnly
    
    # All computer accounts that have no activity for the last 365 days
    Search-ADAccount -AccountInactive -ComputersOnly -TimeSpan 365.00:00:00
    

    Source: https://serverfault.com/questions/415888/how-do-i-find-orphaned-computer-objects-in-active-directory-using-powershell

  • #60940
    Profile photo of Jeremy Murrah
    Jeremy Murrah
    Participant

    Not sure if this is what you're after, but if you're looking for interactive logons by users, as opposed to authentications by service accounts you could use the user profile information. Assuming you have a list of servers to loop through you could do something like this to get the age of the most recently accessed user profile. Of course this doesn't take into account active and valid servers doing server stuff with no user logons, but it's something:

    $Scriptblock = {
        $lastaccessdate = Get-CimInstance win32_userprofile | sort-object -property lastusetime -descending | select -first 1 | select -expandproperty lastusetime
        $ServerAccessAge = $(get-date) - $lastaccessdate
        write-output $ServerAccessAge
    }
    $servercred = get-credential
    $serverlist = get-content c:\scripts\serverlist.txt
    
    foreach ($server in $Serverlist){
        $ServerAccessAge = invoke-command -ComputerName $Server -Credential $servercred -ScriptBlock $Scriptblock
        if ($ServerAccessAge.days -gt 90){
            new-object psobject -Property @{
                Server = $Server
                Age = $ServerAccessAge
            }
        }
    }
    
    

    Source: https://blogs.technet.microsoft.com/heyscriptingguy/2013/03/04/use-powershell-to-find-detailed-windows-profile-information/

You must be logged in to reply to this topic.