Home / server / Questions / 576750
Accepted
Rob Nicholson
Asked: 2014-02-20 05:01:27 +0800 CST

Determine last time a computer powered up

  • 772

Is there a way to determine by querying Active Directory when a computer was running? I want a quick way to exclude computers in the domain that have been off for (say) 7 days. The LastLogonTime fields don't help as this isn't anything to do with user's logging on.

windows

2 Answers

  1. Best Answer

    No there isn't a good way of knowing when a computer was last powered on using only information stored in Active Directory. The LastLogonTimestamp of a computer object is updated by the computer, so I'm not sure what you mean by your last sentence. But it's going to be 9 - 14 days off regardless. That attribute is not updated every time a computer logs on to the domain. This is the attribute that

    dsquery computer -inactive 24

    is looking at. The granularity is in weeks because of the inherent lack of precision of lastLogonTimestamp.

    You can reconfigure AD to update the lastLogonTimestamp attribute more often, which would result in a slightly more accurate value, but this is still not going to help you account for computers that were powered on but not connected to the network, or if you need accuracy down to like within less than a day.

    http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx

    Consider doing something like a script that runs on each computer, and queries the Win32_OperatingSystem WMI class. The computer's precise last bootup time is stored in that WMI class.

    Get-WMIObject -Query "SELECT LastBootUpTime From Win32_OperatingSystem" -ComputerName PC02

    • 9

  2. Although I concur with Ryan's answer that there's no good way of doing this with information stored in Active Directory (by default)...

    If you absolutely must have something in Active Directory, the best way to do this is to set a machine startup script (deployed via GPO) to alter one of the attributes of the computer object. Appending a timestamp to the description attribute is a classic, but there are lots of generally unused attributes (department, departmentNumber, employeeID, employeeNumber, etc.) if you're looking for one to use and don't want to append to the description attribute.

    Alternately, I've seen this type of thing achieved by dumping machine information in a text or .csv file (including boot time) to a share Everyone has write access to, that administrators then parse with scripts and/or eyeballs. I prefer the AD attribute approach, but both are valid.

    • 2