다음을 통해 공유


Use PowerShell to Find Windows XP Computers Still Alive in Your Active Directory Domain

PS PSA – PowerShell Public Service Announcement

Windows XP

Usually I like to offer deep technical content on the blog, but today I’m going to keep it simple. Everyone should be keenly aware that Windows XP support officially ends on April 8, 2014. Many companies are migrating from Windows XP and need a quick script to check their progress. This is a simple solution with a couple variations to meet your needs.

Get-ADComputer

If you have tinkered at all with the AD PowerShell module, then this cmdlet should be familiar to you. Lucky for us Active Directory tracks the operating system of computers. Listing all the Windows XP computers in the domain can be as simple as this:

 PS C:\> Import-Module ActiveDirectory
PS C:\> Get-ADComputer -Filter {OperatingSystem -like "*XP*"}

It is worth noting that the OperatingSystem attribute is not stored in the global catalog, so you will need to query each domain separately.

Beyond the basic attributes returned in the default set it would be nice to see date stamp fields that can help us determine if the Windows XP computer account is still active.  In a previous post I discussed some tips on working with date fields in AD, and we’re going to use that technique here.  We’ll also snag the relevant operating system attributes. Notice that I’m not using the infamous “-Properties *” option. For efficiency I list only the specific fields that I want to query and display. Finally, I’ve thrown in some PowerShell magic to grab the owner recorded on the account.

 PS C:\> $XP = Get-ADComputer -Filter {OperatingSystem -like "*XP*"} `
    -Properties Name, DNSHostName, OperatingSystem, `
        OperatingSystemServicePack, OperatingSystemVersion, PasswordLastSet, `
        whenCreated, whenChanged, LastLogonTimestamp, nTSecurityDescriptor, `
        DistinguishedName |
    Select-Object Name, DNSHostName, OperatingSystem, `
        OperatingSystemServicePack, OperatingSystemVersion, PasswordLastSet, `
        whenCreated, whenChanged, `
        @{name='LastLogonTimestampDT';`
          Expression={[datetime]::FromFileTimeUTC($_.LastLogonTimestamp)}}, `
        @{name='Owner';`
          Expression={$_.nTSecurityDescriptor.Owner}}, `
        DistinguishedName

Next we will insert a Where-Object in the middle of the pipeline to restrict the output to only machines that have been active in the last 90 days.  We do this by filtering on the whenChanged attribute.  This date is updated anytime the AD computer object is updated for any reason.  It is a shortcut to checking account staleness. Adjust this number to your needs.

 PS C:\> $XP = Get-ADComputer -Filter {OperatingSystem -like "*XP*"} `
    -Properties Name, DNSHostName, OperatingSystem, `
        OperatingSystemServicePack, OperatingSystemVersion, PasswordLastSet, `
        whenCreated, whenChanged, LastLogonTimestamp, nTSecurityDescriptor, `
        DistinguishedName |
    Where-Object {$_.whenChanged -gt $((Get-Date).AddDays(-90))} |
    Select-Object Name, DNSHostName, OperatingSystem, `
        OperatingSystemServicePack, OperatingSystemVersion, PasswordLastSet, `
        whenCreated, whenChanged, `
        @{name='LastLogonTimestampDT';`
          Expression={[datetime]::FromFileTimeUTC($_.LastLogonTimestamp)}}, `
        @{name='Owner';`
          Expression={$_.nTSecurityDescriptor.Owner}}, `
        DistinguishedName

Once we have our results in a variable, $XP, we can work with the output a number of ways: display it in a handy gridview, export it to CSV, or get a count of active XP machines.

 PS C:\> $XP | Out-GridView
PS C:\> $XP | Export-CSV .\xp.csv
PS C:\> ($XP | Measure-Object).Count

I have posted the script samples above over at the TechNet Script Gallery for you to download and modify to your needs.

How much time do I have?

You may be curious how to calculate the number of support days remaining. The cmdlet New-Timespan makes this easy:

 PS C:\> (New-TimeSpan -End (Get-Date -Day 8 -Month 4 -Year 2014 `
    -Hour 0 -Minute 0 -Second 0)).TotalDays

Windows XP Migration Resources

Here is a list of related resources for Windows XP end-of-life:

Support for Windows XP and Office 2003 ends (including countdown timer)
https://www.microsoft.com/en-us/windows/business/retiring-xp.aspx

Microsoft Security Essentials ends for Windows XP
https://windows.microsoft.com/en-us/windows/end-support-help

Windows XP to Windows 7 Migration Guide
https://technet.microsoft.com/en-us/windows/ee150430

Windows 8.1 Migration Resources
https://technet.microsoft.com/en-us/windows/hh771457

Windows XP end of support enterprise resources
https://www.microsoft.com/en-us/windows/enterprise/endofsupport.aspx

Jumpstart your Windows XP Migration with the help of Microsoft Services
https://www.microsoft.com/en-us/microsoftservices/windows_xp_migration_jumpstart_service.aspx

Get-XP.ps1

Comments

  • Anonymous
    February 07, 2014
    Hello, Jeff Stokes here, the dude as it were...so, if you hadn't noticed, XP end of life is quite
  • Anonymous
    April 03, 2014
    Is LastLogonDate not the already-prettified version of LastLogonTimestamp?
  • Anonymous
    April 14, 2014
    Here is a classic article that explains the nuances of LastLogonTimeStamp that I used in this one-liner.
    http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx
  • Anonymous
    July 09, 2014
    When I use the variable $XP, the lastlogontimestamp isn't included in the .csv, but it displays when I don't use the variable and displays on the screen.
  • Anonymous
    July 09, 2014
    Hi Brian, I would need to see your code to understand why this is happening.
  • Anonymous
    August 07, 2014
    The comment has been removed
  • Anonymous
    September 04, 2014
    Helpful, thanks a bunch! :)
  • Anonymous
    October 29, 2014
    Welcome! Today’s post includes demo scripts and links from the Microsoft Virtual Academy event: Using PowerShell for Active Directory . We had a great time creating this for you, and I hope you will share it with anyone needing to ramp up their
  • Anonymous
    June 22, 2015
    I need to get active computer on active directory
  • Anonymous
    July 27, 2015
    Hi,
    is it possible to find out which client how long is online?

    Best regards. Rene
  • Anonymous
    March 09, 2016
    Great, thank you.