Detecting Active Windows XP Computers with PowerShell and dsquery
Posted on March 12, 2014
- and tagged as
- active-directory,
- security
With support for XP ending, the following are two ways to list currently active XP workstations.
For Server 2008 R2 and later, using the ActiveDirectory PowerShell module provides nicer output with more detail.
Import-Module ActiveDirectory
$XP = Get-ADComputer -Filter {OperatingSystem -like "*XP*"} `
-Properties Name, DNSHostName, OperatingSystem, `
OperatingSystemServicePack, OperatingSystemVersion, PasswordLastSet, `
whenCreated, whenChanged, LastLogonTimestamp, nTSecurityDescriptor, `
DistinguishedName |
Where-Object {$_.whenChanged -gt $((Get-Date).AddDays(-65))} |
Select-Object Name, DNSHostName, OperatingSystem, `
OperatingSystemServicePack, OperatingSystemVersion, PasswordLastSet, `
whenCreated, whenChanged, `
@{name='LastLogonTimestampDT';`
Expression={[datetime]::FromFileTimeUTC($_.LastLogonTimestamp)}}, `
@{name='Owner';`
Expression={$_.nTSecurityDescriptor.Owner}}, `
DistinguishedName
Write-Output $XP
For DCs pre Server 2008 R2, similar results can be retrieved with dsquery. Firstly, we need to generate the int64 formatted timestamp
[datetime]::Now.AddDays(-65).ToFileTime()
Once we have the timestamp we can plug it into the dsquery command.
dsquery * domainRoot -filter "(&(objectCategory=computer)(operatingSystem=Windows XP*)(lastLogonTimestamp>=TIMESTAMP))"