Isn’t it LastLogon which is DC specific?
*From:* [email protected] [mailto: [email protected]] *On Behalf Of *Michael Leone *Sent:* Monday, May 9, 2016 10:14 AM *To:* [email protected] *Subject:* Re: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 On Mon, May 9, 2016 at 9:47 AM, Charles F Sullivan < [email protected]> wrote: Do you want results like this? Name : BENO CanonicalName : somedomain.com/comps/winxp/BENO LastLogonTimeStamp : 2/4/2015 12:06:46 PM If so, I use this in different variations, sometime adding in logic for a particular OS version. I give the machines 90 days to be off the network, but change the $date variable as you see fit. If you want to include computer accounts that are disabled as well, remove “-and (Enabled -eq "true")”. import-module ActiveDirectory $date = [DateTime]::Today.AddDays(-90) get-adcomputer -filter { (LastLogonTimeStamp -ge $date) -and (Enabled -eq "true") } -property * | Select-Object Name,CanonicalName,@{n='LastLogonTimeStamp';e={ [DateTime]::FromFileTime($_.LastLogonTimeStamp) } } | sort-object -descending -property LastLogonTimeStamp | format-list | out-file ".\oldcomps.txt" -append Isn't the LastLogonTimeStamp dependent on which DC the user (or computer, in this case) connects to? So that if you are not accessing the same DC, you might not be getting the correct information. I could be wrong, but that is what I understood from this mailing list.
