tech_documents:windows:list_ad_computers_local_accounts

List AD computers with a timestamp of when they were created and a timestamp of when they last logged on (accurate within 14 days)

https://www.netwrix.com/how_to_export_computer_list_from_ad.html
https://stackoverflow.com/questions/13091719/converting-lastlogon-to-datetime-format
Create a PowerShell script with the following:

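Import-Module ActiveDirectory
# Request only the attributes exported below; Name and DistinguishedName are returned by default.
Get-ADComputer -Filter * -Property OperatingSystem,LastLogonTimestamp,whenCreated |
# lastLogonTimestamp is the replicated attribute (the one accurate within 14 days);
# lastLogon is not replicated and only reflects the DC that was queried.
Select-Object Name,OperatingSystem,@{N='LastLogonTimestamp'; E={[DateTime]::FromFileTime($_.LastLogonTimestamp)}},whenCreated,DistinguishedName |
Export-CSV "C:\Data\ADcomputerslist.csv" -NoTypeInformation -Encoding UTF8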

Run it on a domain controller

List Local Computer User Accounts

This is useful for finding unknown or forgotten local accounts, which are a security risk. It is assumed you're doing this from a domain admin account on a domain controller.
https://www.netwrix.com/how_to_list_all_user_accounts_on_a_windows_system.html
Create a PowerShell script with the following:

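# One computer name per line in computers.txt
$computers = Get-Content -Path C:\data\computers.txt
# Get-WmiObject is available in Windows PowerShell 5.1 and earlier; LocalAccount='True' excludes domain accounts
Get-WmiObject -ComputerName $computers -Class Win32_UserAccount -Filter "LocalAccount='True'" |
Select-Object PSComputerName, Name, Status, Disabled, AccountType, Lockout, PasswordRequired, PasswordChangeable, SID | Export-Csv C:\data\local_users.csv -NoTypeInformation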

Make a list of computers in a text document (one computer per line) and run the script (update the paths as needed).
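
One way to review the resulting local_users.csv for unknown or forgotten accounts. This is an added example, not part of the original page: the function name Get-LocalAccountFinding, the flagging rules and the sample rows are assumptions made for illustration, and the sample data is constructed.

```powershell
# Constructed sample rows in the column layout written by the export script above.
$sample = @'
"PSComputerName","Name","Status","Disabled","AccountType","Lockout","PasswordRequired","PasswordChangeable","SID"
"WS01","Administrator","OK","False","512","False","True","True","S-1-5-21-1111111111-2222222222-3333333333-500"
"WS01","Guest","Degraded","True","512","False","False","False","S-1-5-21-1111111111-2222222222-3333333333-501"
"WS01","svc_backup","OK","False","512","False","False","True","S-1-5-21-1111111111-2222222222-3333333333-1003"
"WS02","helpdesk_tmp","OK","False","512","False","True","True","S-1-5-21-4444444444-5555555555-6666666666-1001"
'@
$rows = $sample | ConvertFrom-Csv
# To review the real export instead: $rows = Import-Csv C:\data\local_users.csv

# Well-known RIDs of built-in local accounts:
# 500 Administrator, 501 Guest, 503 DefaultAccount, 504 WDAGUtilityAccount
$builtinRids = 500, 501, 503, 504

# Hypothetical helper: emits one finding per account that deserves a second look.
function Get-LocalAccountFinding {
    param([Parameter(ValueFromPipeline)]$Row)
    process {
        # The RID is the last dash-separated component of the SID.
        $rid     = [long](($Row.SID -split '-')[-1])
        # Values read back from CSV are strings, so compare against 'False'.
        $enabled = $Row.Disabled -eq 'False'
        $reasons = @()
        if ($enabled -and $rid -notin $builtinRids) { $reasons += 'enabled non-built-in account' }
        if ($enabled -and $Row.PasswordRequired -eq 'False') { $reasons += 'password not required' }
        if ($enabled -and $rid -eq 501) { $reasons += 'Guest enabled' }
        if ($reasons) {
            [pscustomobject]@{
                Computer = $Row.PSComputerName
                Name     = $Row.Name
                RID      = $rid
                Reasons  = $reasons -join '; '
            }
        }
    }
}

$rows | Get-LocalAccountFinding | Sort-Object Computer, Name | Format-Table -AutoSize
```

With the constructed sample, svc_backup on WS01 and helpdesk_tmp on WS02 are reported; each flagged account should be matched to an owner or disabled.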

  • tech_documents/windows/list_ad_computers_local_accounts.txt
  • Last modified: 2021/04/08 02:29
  • by jacob.hydeman