How to Find Inactive Computers in Active Directory with or without PowerShell

{{ firstError }}
We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Active Directory
Native Auditing
Netwrix Auditor for Active Directory
  1. Open the PowerShell ISE → Run the following script, adjusting the value of the $DaysInactive variable to suit your needs:

$DaysInactive = 90
$time = (Get-Date).Adddays(-($DaysInactive))
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -resultSetSize $null -Properties Name, OperatingSystem, SamAccountName, DistinguishedName

  1. To export the output to a CSV file, add the Export-CSV PowerShell cmdlet, as shown below:

Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 2000 -resultSetSize $null -Properties Name, OperatingSystem, SamAccountName, DistinguishedName | Export-CSV “C:\Temp\StaleComps.CSV” –NoTypeInformation

  1. Open the file produced by the script in MS Excel.
Find inactive computers in active directory: file produced by powershell script in MS Excel
  1. Run Netwrix Auditor → Navigate to "Reports" → Expand the "Active Directory" section → Go to "Active Directory ­– State-in-Time" → Select "Computer Accounts – Last Logon Time" → Click "View" → Adjust the "Inactive Days" parameter if needed → Click "View Report".
  2. To save the report, click the "Export" button → Choose a format from the dropdown menu → Click "Save".
Find inactive computers in active directory: Computer Account - Last Logon Time report in Netwrix Auditor

Don’t Waste Your Time on PowerShell Scripting Whenever You Need to Get Inactive Computers

Inactive Active Directory users and computers pose a serious security and compliance risk. Inactive computers often store sensitive data that can be stolen by hackers, and any inactive account can serve as an entry point to your IT environment, enabling attackers to quietly gain access to critical IT systems like Microsoft Active Directory, Windows Server or Exchange. Accordingly, security best practices recommend disabling inactive Active Directory accounts. But the reality is, IT administrators are often too overwhelmed by other management tasks to make disabling inactive computers a priority. Therefore, it’s critical to have an easy way to list all inactive computers and disable them to reduce your attack surface area and strengthen the security of your IT environment.

PowerShell is one of the many tools that can help you find inactive computers in your Active Directory. Using PowerShell, you can get inactive computers and export them to a CSV file; you can even schedule a script to run regularly to report on stale computers. But it’ll take quite a lot of your time, which could be spent on more important tasks.

Netwrix Auditor for Active Directory dramatically simplifies the job by providing a ready-to-use report that lists all inactive computers along with the last logon time for each. Plus, its built-in Inactive User Tracking tool can automatically disable all user and computer accounts that have been inactive for more than a specified number of days to help you keep your IT environment secure.

Related How-tos