lastLogon and lastLogonTimestamp values are odd. I wanted to compare them to the pwdLastSet on the same device.
From: [email protected] [mailto:[email protected]] On Behalf Of David McSpadden Sent: Tuesday, May 10, 2016 3:14 PM To: [email protected] Subject: RE: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 I have a Get-ADcomputer query that looks ok now. Michael, what were you looking for in PasswordLastSet?? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Tuesday, May 10, 2016 11:17 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Now see – that one is actually an anomaly. No WAY should lastLogon have a date a YEAR in the future of lastLogonTimestamp. A couple of weeks, sure, but not a year. Do you know what pwdLasetSet is/was? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of David McSpadden Sent: Tuesday, May 10, 2016 9:00 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Perfect example from yesterday. [cid:[email protected]] Here is one that has been sitting quietly just waiting to piss me off. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Monday, May 9, 2016 11:34 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Two ways to do this, one is with pwdLastSet and the other is with lastLogonTimeStamp. lastLogonTimeStamp is the “right” answer, in that this is what the attribute is designed for. However, SAN/NAS devices and other non-traditional devices present in AD can screw it up. It is worth noting that lastLogonTimeStamp is only accurate within 9-14 days. I’ll give it a thought or two. N.B. lastLogon is the wrong answer. It isn’t synced between DCs. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Charles F Sullivan Sent: Monday, May 9, 2016 9:47 AM To: [email protected]<mailto:[email protected]> Subject: RE: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Do you want results like this? Name : BENO CanonicalName : somedomain.com/comps/winxp/BENO<http://somedomain.com/comps/winxp/BENO> LastLogonTimeStamp : 2/4/2015 12:06:46 PM If so, I use this in different variations, sometime adding in logic for a particular OS version. I give the machines 90 days to be off the network, but change the $date variable as you see fit. If you want to include computer accounts that are disabled as well, remove “-and (Enabled -eq "true")”. import-module ActiveDirectory $date = [DateTime]::Today.AddDays(-90) get-adcomputer -filter { (LastLogonTimeStamp -ge $date) -and (Enabled -eq "true") } -property * | Select-Object Name,CanonicalName,@{n='LastLogonTimeStamp';e={ [DateTime]::FromFileTime($_.LastLogonTimeStamp) } } | sort-object -descending -property LastLogonTimeStamp | format-list | out-file ".\oldcomps.txt" -append From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of David McSpadden Sent: Monday, May 9, 2016 8:09 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] RE: New script: Microsoft Active Directory Health Check PowerShell Script V2.0 Are computers something that will be considered later or in another script? We constantly have stale computer records because my admins are afraid to delete anything from AD. We find computer accounts in buried OU’s that have been stale for 120 days sometimes. A report of those month would clean out AD and all the applications that rely on AD information for their own reporting and management. Right now I use TrendMicro Management interface (Because it has realtime results) and reconcile with AD when I can. A report would make it so I could give the work away. So what I am asking is a list of computers by OU and last seen or login date? Not sure if it AD Health or what but it is needed I think. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Webster Sent: Monday, May 9, 2016 6:14 AM To: [email protected]<mailto:[email protected]> Subject: [NTSysADM] New script: Microsoft Active Directory Health Check PowerShell Script V2.0 After a lot of work by Michael B. Smith, a group of dedicated testers and myself, we have taken Jeff Wouters’ original script to V2.0. http://carlwebster.com/microsoft-active-directory-health-check-powershell-script-v2-0/ Thanks Carl Webster Citrix Technology Professional http://www.CarlWebster.com<http://t.sidekickopen01.com/e1t/c/5/f18dQhb0S7lC8dDMPbW2n0x6l2B9nMJN7t5XYgdV8QRW2zWLDn4XrdjzW7fK3rs56dwxZf67wwsR02?t=http%3A%2F%2Fwww.carlwebster.com%2F&si=6012126861197312&pi=4311b7b1-332d-4242-8585-36954b184dc7> The Accidental Citrix Admin This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email.
