
Active Directory: How to Find Inactive Computers in

Inactive Active Directory users and computers pose a serious security and compliance risk. Inactive computers often store sensitive data that can be stolen by hackers, and any inactive account can serve as an entry point to your IT environment, enabling attackers to quietly gain access to critical IT systems like Microsoft Active Directory, Windows Server or Exchange. Accordingly, security best practices recommend disabling inactive Active Directory accounts. But the reality is, IT administrators are often too overwhelmed by other management tasks to make disabling inactive computers a priority. Therefore, it’s critical to have an easy way to list all inactive computers and disable them to reduce your attack surface area and strengthen the security of your IT environment. PowerShell is one of the many tools that can help you find inactive computers in your Active Directory. Using PowerShell, you can get inactive computers and export them to a CSV file; you can even schedule a script to run regularly to report on stale computers.

1. Open the PowerShell ISE → Run the following script, adjusting the value of the $DaysInactive variable to suit your needs:

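# Number of days without a logon after which a computer counts as inactive
$DaysInactive = 90
# Cutoff date: computers whose LastLogonTimeStamp is older than this are returned
$time = (Get-Date).AddDays(-($DaysInactive))
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -ResultSetSize $null -Properties Name, OperatingSystem, SamAccountName, DistinguishedName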

2. To export the output to a CSV file, add the Export-CSV PowerShell cmdlet, as shown below:

Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -ResultSetSize $null -Properties Name, OperatingSystem, SamAccountName, DistinguishedName | Export-CSV "C:\Temp\StaleComps.CSV" -NoTypeInformation

3. Open the file produced by the script in MS Excel.

https://img.netwrix.com/howtos/find_inactive_computers_in_ad_powershell.png
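
The script below is an added example, not part of the original article or Netwrix's code: it applies the same inactivity check to the raw lastLogonTimestamp value and also reports computers that have never logged on, which have no timestamp to compare against. The function name Get-StaleComputerReport, the WS-* sample objects and the example.com domain are constructed for illustration.

```powershell
# Added example (not from the original article). Input objects need Name,
# DistinguishedName, lastLogonTimestamp (raw FILETIME Int64) and whenCreated.
function Get-StaleComputerReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [int] $DaysInactive = 90,
        [datetime] $Now = [datetime]::UtcNow
    )
    begin { $cutoff = $Now.ToUniversalTime().AddDays(-$DaysInactive) }
    process {
        $raw = $Computer.lastLogonTimestamp
        if ($null -eq $raw -or [int64]$raw -eq 0) {
            # No logon recorded: such accounts do not match the page's -lt filter.
            # Report them only when the account itself predates the cutoff.
            if ($Computer.whenCreated.ToUniversalTime() -ge $cutoff) { return }
            $last = $null; $reason = 'NeverLoggedOn'
        } else {
            $last = [datetime]::FromFileTimeUtc([int64]$raw)
            if ($last -ge $cutoff) { return }   # logged on within the window
            $reason = 'Inactive'
        }
        [pscustomobject]@{
            Name              = $Computer.Name
            DistinguishedName = $Computer.DistinguishedName
            LastLogonUtc      = $last
            Reason            = $reason
        }
    }
}

# Constructed sample objects standing in for Get-ADComputer output (hypothetical names).
$utc = [datetime]::UtcNow
$sample = foreach ($row in @(
        @('WS-ACTIVE', 5,     400),   # name, days since logon, days since creation
        @('WS-STALE',  200,   900),
        @('WS-UNUSED', $null, 300),
        @('WS-NEW',    $null, 10))) {
    $name, $logonAgo, $createdAgo = $row
    [pscustomobject]@{
        Name = $name; DistinguishedName = "CN=$name,OU=Lab,DC=example,DC=com"
        lastLogonTimestamp = if ($null -ne $logonAgo) { $utc.AddDays(-$logonAgo).ToFileTimeUtc() }
        whenCreated = $utc.AddDays(-$createdAgo)
    }
}
$sample | Get-StaleComputerReport -DaysInactive 90 | Format-Table -AutoSize

# Against a live domain (ActiveDirectory module), feed it real objects instead:
# Get-ADComputer -Filter * -Properties lastLogonTimestamp, whenCreated |
#     Get-StaleComputerReport -DaysInactive 90 | Export-Csv C:\Temp\StaleComps.csv -NoTypeInformation
```

By default Active Directory refreshes lastLogonTimestamp only when the stored value is roughly 9 to 14 days old, so the attribute can lag the real last logon by up to two weeks. Keep $DaysInactive well above that interval.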

Credits:

Originally published: https://www.netwrix.com/how_to_find_inactive_computers_active_directory_powershell.html