Find Stale Active Directory Computer Accounts

Not Logged in Recently

This command will show computer accounts that have not logged in recently.

dsquery computer -inactive 24 -limit 0

24 is the number of weeks of inactivity.

Find Old Unused AD Computer Accounts

Last logon time: Active Directory computers have an attribute called lastLogonTimestamp, which stores the last time the computer was logged into.
Computer password age: Active Directory computers have an attribute called passwordlastset, which gets changed automatically every 30 days.

The two commands below are mostly complementary and can help identify old or inactive computer accounts for computers that no longer exist.

Get-ADComputer -Filter * -Properties PasswordLastSet | Select-Object Name, PasswordLastSet | Sort-Object PasswordLastSet
Get-ADComputer -Filter * -Properties lastLogonTimestamp | Select-Object Name, lastLogonTimestamp | Sort-Object lastLogonTimestamp
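Combining the two attributes into one verdict per computer, as an added example that is not part of the original page: an account is flagged only when both its last logon and its password change are older than the cutoff. The function name Get-StaleComputer, the 168-day default (24 weeks, as in the dsquery command) and the sample hosts are assumptions made for this illustration.

```powershell
# Added example: flag a computer account as stale only when BOTH signals are old.
function Get-StaleComputer {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [int] $StaleDays = 168,            # assumed threshold: 24 weeks
        [datetime] $Now = (Get-Date)
    )
    process {
        $cutoff = $Now.AddDays(-$StaleDays)

        # lastLogonTimestamp is stored as a FILETIME integer; empty or 0 means never logged on.
        $logon = if ($Computer.lastLogonTimestamp) {
            [datetime]::FromFileTime([int64]$Computer.lastLogonTimestamp)
        } else { $null }
        $pwdSet = $Computer.PasswordLastSet

        $logonOld = ($null -eq $logon)  -or ($logon  -lt $cutoff)
        $pwdOld   = ($null -eq $pwdSet) -or ($pwdSet -lt $cutoff)

        [pscustomobject]@{
            Name            = $Computer.Name
            LastLogon       = $logon
            PasswordLastSet = $pwdSet
            Stale           = $logonOld -and $pwdOld
        }
    }
}

# Constructed sample objects (not real hosts) so the logic can be checked offline.
$now = Get-Date '2022-10-12'
$sample = @(
    # Both signals old: flagged as stale.
    [pscustomobject]@{ Name = 'WS-OLD01';   PasswordLastSet = $now.AddDays(-400)
                       lastLogonTimestamp = $now.AddDays(-390).ToFileTime() }
    # Both signals recent: active.
    [pscustomobject]@{ Name = 'WS-ACTIVE';  PasswordLastSet = $now.AddDays(-12)
                       lastLogonTimestamp = $now.AddDays(-3).ToFileTime() }
    # Old password but recent logon (password rotation not happening): not stale.
    [pscustomobject]@{ Name = 'APPLIANCE1'; PasswordLastSet = $now.AddDays(-900)
                       lastLogonTimestamp = $now.AddDays(-5).ToFileTime() }
    # Recently created, never logged on: not stale yet.
    [pscustomobject]@{ Name = 'NEW-STAGED'; PasswordLastSet = $now.AddDays(-2)
                       lastLogonTimestamp = $null }
)
$sample | Get-StaleComputer -Now $now | Sort-Object Stale -Descending | Format-Table

# Against a live domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties PasswordLastSet, lastLogonTimestamp | Get-StaleComputer
```

Only WS-OLD01 is reported with Stale set to True; review flagged accounts before disabling or deleting them.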
networking/windows/active_directory/stale_computer_accts.txt · Last modified: 2022/10/12 09:34 by gcooper