Anyone who is responsible for maintaining an Active Directory will be familiar with the problem of checking old and possibly no longer used AD user accounts or computer accounts and, if necessary, removing them from the Active Directory. But sometimes it’s not that easy to determine.
We have reported several times in the past that such Active Directory queries are very easy to do using Windows PowerShell . A selection of the most popular PowerShell commands for the Active Directory can be found at the end of this tutorial.
We would like to show you below how easily you can create a list of computer accounts including their last login ( LastLogonDate ) sorted by date. To do this, call up a PowerShell console and issue the following command.
Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate
Depending on how big your AD is, this query can take a few moments. You will then receive a list of the computer names with details of the last registration date, sorted in ascending order by date. We have shown you a corresponding listing here below.
As you can see, in our example there are many computer accounts that have not logged into the Active Directory for years.
With this list of computer accounts, the administrator can now check the individual PCs and remove any old and no longer required computer accounts from the Active Directory.
Such tasks are standard administrator tasks and should be repeated at regular intervals so that the Active Directory is always kept up to date.
Finally, we have listed other interesting articles on the topic of ” PowerShell ” and ” Active Directory “.
– Count the number of AD (Active Directory) objects using PowerShell
– Determine a user’s LastLogon (last login) in AD using Get-ADUser
– List AD user accounts that have entered a profile path
– Deactivate user account under Windows 10
– Determine which AD user is still there has never logged in
– create a list of all XP PCs in the AD (Active Directory) – list
all deactivated AD accounts
using PowerShell
– query members of an AD group using PowerShell – create a list of home directories, the home drive and the profile path of all AD users
– List of users who have logged on to AD in the last “x” days
– List all AD users including email address
