A PowerShell-based tool to audit Active Directory computer accounts

What is a one sentence summary of your feature request?

A PowerShell-based tool to audit Active Directory computer accounts

Please describe your idea in detail. What is your problem, why do you feel this idea is the best solution, etc.

A PowerShell-based tool to audit Active Directory computer accounts, with a focus on identifying inactive and active Windows devices based on LastLogonDate.

The tool can be found here:

I wrote the tool while trying to solve a PingCastle finding “Obsolete OS (Windows 10 or Windows 11)”.

PingCastle can output all the computers via its own menu option.
“PingCastle will produce a list of all your computers with the OS version in a csv file”

While this works well, I found the information overhead a tad too much. In addition to that, I have multiple clients I take care of. I do this via RDP, and most of the time copying files out of the machine I am currently on is disabled - which prolongs the analysis. Hence, this small tool, based on the PowerShell command present in the solution.

With the tool, the user can:

  • decide which Windows version he wants to audit,
  • choose a custom time window for the LastLogonDate (default is 90 days)
  • see instantly which computers are inactive and active
  • get some hygiene recommendations on how to handle the computers
  • choose to write inactive, active or all computers to a text file

License: MIT

(As of writing this, I noticed I missed out on adding the version of the Windows OS; this will be added soon.)

How do you currently solve the challenges you have by not having this feature?

The PowerShell command present in the solution.

Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap -Auto

You can replace [-Filter *] by [-Filter {OperatingSystem -Like "Windows 1*"}]


Hi there @GreekGothguy,
Thanks for the feedback here. To make sure I understand the use case better, can you and anyone else reviewing this let me know your thoughts on the following questions?

  • You want PingCastle to have options for exports to also output directly in PingCastle.exe?
  • You want us to add some basic filtering command line options to PingCastle's export functionalities so we could filter on:
    • Operating Systems
    • Inactivity
  • Extra: Use json or csv files rather than txt also.

Whilst I don’t think we would include remediation and guidance details in exports, as that sort of guidance is reserved for the HealthCheck, I really like the idea of the out-of-the-box options to easily filter the exports, as we could add a whole bunch with command line options so they could also be scheduled etc.

My initial thoughts for filtering would include:

  • Inactive (LastLogonTimeStamp)
  • Disabled
  • Vulnerable Conditions such as
    • Password Never Expires
    • All delegation scenarios (unconstrained, constrained, etc.)
    • Password Not Required
    • Non-Standard Primary Groups (I will be releasing a PowerShell script on this in the community over the coming weeks :wink: )
    • SidHistory

Really looking forward to hearing people's thoughts on this!

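The classification discussed in both posts (active versus inactive by last logon inside a time window, plus several of the account conditions listed in the reply), sketched as an added example; it is not code from the linked tool or from PingCastle. The function name `Get-ComputerAuditRow`, its parameters and the sample objects are assumptions made for illustration.

```powershell
# Added example. LastLogonDate is the converted lastLogonTimestamp, which AD replicates
# lazily (default sync interval: 14 days), so keep the window well above two weeks.
function Get-ComputerAuditRow {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [string]   $OsLike = 'Windows 1*',   # wildcard in the style of the -Filter quoted above
        [int]      $InactiveDays = 90,       # default window named in the post
        [datetime] $Now = (Get-Date)
    )
    process {
        if ($Computer.OperatingSystem -notlike $OsLike) { return }
        # No LastLogonDate at all means the account has never logged on.
        $state = if ($null -eq $Computer.LastLogonDate) {
            'NeverLoggedOn'
        } elseif ($Computer.LastLogonDate -lt $Now.AddDays(-$InactiveDays)) {
            'Inactive'
        } else { 'Active' }

        $flags = @()
        if ($Computer.Enabled -eq $false)          { $flags += 'Disabled' }
        if ($Computer.PasswordNeverExpires)        { $flags += 'PasswordNeverExpires' }
        if ($Computer.PasswordNotRequired)         { $flags += 'PasswordNotRequired' }
        if ($Computer.TrustedForDelegation)        { $flags += 'UnconstrainedDelegation' }
        if (@($Computer.SIDHistory).Count -gt 0)   { $flags += 'SidHistory' }

        [pscustomobject]@{
            Name            = $Computer.Name
            OperatingSystem = $Computer.OperatingSystem
            LastLogonDate   = $Computer.LastLogonDate
            State           = $state
            Flags           = $flags -join ','
        }
    }
}

# Constructed sample objects standing in for Get-ADComputer output.
$now = [datetime]'2025-01-15'
$sample = @(
    [pscustomobject]@{ Name = 'WS-001'; OperatingSystem = 'Windows 10 Enterprise'; LastLogonDate = [datetime]'2025-01-10'; Enabled = $true }
    [pscustomobject]@{ Name = 'WS-002'; OperatingSystem = 'Windows 11 Pro'; LastLogonDate = [datetime]'2024-06-01'; Enabled = $true; PasswordNotRequired = $true }
    [pscustomobject]@{ Name = 'WS-003'; OperatingSystem = 'Windows 10 Pro'; LastLogonDate = $null; Enabled = $false }
    [pscustomobject]@{ Name = 'SRV-001'; OperatingSystem = 'Windows Server 2019 Standard'; LastLogonDate = [datetime]'2025-01-14'; Enabled = $true }
)
$sample | Get-ComputerAuditRow -Now $now | Format-Table -AutoSize

# Live domain (needs the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties OperatingSystem,LastLogonDate,PasswordNeverExpires,
#   PasswordNotRequired,TrustedForDelegation,SIDHistory | Get-ComputerAuditRow
```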