DSQuery to find systems running Windows XP that have connected to domain within last 26 weeks

active-directory dsquery

I'm trying to write a single dsquery which will tell me what systems have connected to our domain within the last 26 weeks that are running XP so we can figure out what we need to phase out over the next two months.

The problem I'm currently facing is that when I do a dsquery to find systems running Windows XP, it comes back with a list of systems, a number of which I know are not active and which need to be removed as AD objects (this is another issue, please spare me the best practice/security lecture…one thing at a time).

I'm using the query below to find systems running Windows XP and output that to a text file:

dsquery * domainroot -filter "(&(objectCategory=computer)(operatingSystem=Windows XP*))" -limit 1000 > c:\XP_Machines.txt

I want to add something to that query which will tell me which of the systems from the output above have connected to the network within the last 26 weeks.

I know to find systems that have not connected in the last 26 weeks I can run:

dsquery computer -inactive 26

However, I'm not sure how to find what systems HAVE been active in the last 26 weeks as a subset of the systems output running Windows XP.

Thanks in advance for your assistance.

Note: If there is a better way to do this using PowerShell, I'm open to that as well.

Best Answer

Add the lastLogonTimestamp attribute to your filter, and get the numeric value for lastLogonTimestamp for six months ago. Example:

dsquery * domainRoot -filter "(&(objectCategory=computer)(operatingSystem=Windows XP*)(lastLogonTimestamp>=130200503900000000))" -limit 1000

130200503900000000 is the value for 2013-08-03 20:39:50

In PowerShell, you can get the numeric fileTime as follows:

[datetime]::Now.AddDays(-180).ToFileTime()  

http://blogs.technet.com/b/ashleymcglone/archive/2013/12/20/back-to-the-future-working-with-date-data-types-in-active-directory-powershell.aspx
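
The query above done end to end in PowerShell, as an added example that is not part of the original answer. It assumes the RSAT ActiveDirectory module (PowerShell 3.0 or later) and a hypothetical output path. Because lastLogonTimestamp is only refreshed when the stored value is roughly 9 to 14 days old (the default ms-DS-Logon-Time-Sync-Interval), the LDAP floor is widened by 14 days and those edge cases are flagged instead of being silently dropped.

```powershell
# Added example (not from the original answer).
# Assumes: RSAT ActiveDirectory module, read access to computer objects,
# and the default 14-day lastLogonTimestamp sync interval.
Import-Module ActiveDirectory

$weeks     = 26    # activity window from the question
$slackDays = 14    # assumed default replication slack for lastLogonTimestamp
$cutoff    = (Get-Date).AddDays(-7 * $weeks)

# lastLogonTimestamp is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
$ldapFloor = $cutoff.AddDays(-$slackDays).ToFileTime()

# ">=" keeps computers whose recorded logon is at or after the floor (active).
$filter = "(&(objectCategory=computer)(operatingSystem=Windows XP*)(lastLogonTimestamp>=$ldapFloor))"

$report = Get-ADComputer -LDAPFilter $filter -Properties operatingSystem, lastLogonTimestamp |
    ForEach-Object {
        $seen = [datetime]::FromFileTime($_.lastLogonTimestamp)
        [pscustomobject]@{
            Name            = $_.Name
            OperatingSystem = $_.operatingSystem
            LastLogonStamp  = $seen
            # True when the stamp is older than the 26-week cutoff but still
            # inside the slack band; verify these machines by other means.
            Borderline      = ($seen -lt $cutoff)
        }
    } | Sort-Object LastLogonStamp

# Hypothetical output path; adjust as needed.
$report | Export-Csv -Path 'C:\XP_Machines_Active.csv' -NoTypeInformation

"{0} Windows XP computers seen since {1:yyyy-MM-dd} ({2} borderline)" -f `
    @($report).Count, $cutoff, @($report | Where-Object { $_.Borderline }).Count
```

Computers that have never logged on have no lastLogonTimestamp value, so they do not match the filter and are not listed.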