Can I modify this script to search for a single AD computer?


I’m wondering if it’s possible to modify this script to allow for user input of a single computer to look up?


Add-PSSnapin Quest.ActiveRoles.ADManagement
$dcs = Get-QADComputer -ComputerRole DomainController

foreach($dc in $dcs){

Get-ADComputer $dc.Name -Properties lastlogontimestamp | 
Select-Object @{n="Computer";e={$_.Name}}, @{Name="Lastlogon"; Expression={[DateTime]::FromFileTime($_.lastLogonTimestamp)}}



This doesn’t make sense for a number of reasons. This checks the LastLogonTimestamp (which is synchronized, albeit delayed by, or accurate within, 9-14 days or whatever it is) of each DC itself (passed as “$dc.Name” to Get-ADComputer) and outputs objects with each DC’s name and its LastLogonTimestamp. So, what exactly are you trying to do? It seems like you really want to check the non-synchronized LastLogon timestamp on each DC? For a computer object? Guessing, you might want to check the LastLogon or LastLogonTimestamp on one or more domain controllers for some given computer.

Anyway, if you want “user input of a single computer to look up”, and I guess that you want to check it for each DC (rather than checking the actual DCs…), something like this will do (should be v2-compatible):

PS C:\temp> add-pssnapin quest.activeroles.admanagement
PS C:\temp> $dcs = Get-QADComputer -ComputerRole DomainController
PS C:\temp> $dcs | select -exp Name
PS C:\temp> $CheckThisOne = Read-Host -Prompt 'Enter computer name to check last logon for'
Enter computer name to check last logon for: vista64esxi

Then something like this:

PS C:\temp> @( foreach ($dc in $dcs) {
    Get-ADComputer -Server $dc.Name -Properties LastLogon, LastLogonTimestamp -Identity $CheckThisOne |
         Select @{n='ComputerName';e={$CheckThisOne}}, @{n='DC';e={$dc.Name}}, @{n='LastLogon';e={[datetime]::FromFileTime($_.LastLogon)}}, @{n='LastLogonTimestamp';e={[datetime]::FromFileTime($_.LastLogonTimestamp)}}
} ) | Format-Table -AutoSize

ComputerName DC          LastLogon             LastLogonTimestamp
------------ --          ---------             ------------------
vista64esxi  2008R2ESXI2 12/19/2013 2:29:48 AM 12/14/2013 6:29:48 PM
vista64esxi  2008R2ESXI  12/19/2013 7:29:48 AM 12/14/2013 6:29:48 PM

There you can see that the LastLogonTimestamp is identical for both (as it should be), and that it’s off by a bit (ca. 5 days) compared to the actual last computer authentication date.

Good luck and happy holidays.

This has helped me a ton. Thank you, kind Sir.