Question
Friday, January 18, 2013 2:50 PM
whencreated attribute is not sufficient as it does not account for computers that are removed/rejoined. Any way to do this?
Thanks,
Jaime
All replies (14)
Friday, January 18, 2013 10:49 PM
There are so many things "it would be nice to know" about what has happened in one's active directory infrastructure, like, how many times was an account renamed, which OU's has it ever existed in, what computers has a particular user logged into.... But I am sure people would be upset if AD tracked all this, as it would get seriously bogged down doing all that reporting, both in terms of cpu cycles and storage.
Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.
Friday, January 18, 2013 11:07 PM | 1 vote
Well. I don't have a direct answer for you:
I have never seen any type of registry key or AD property that shows the date a computer was joined.
As RM said the object creation date is there so if your AD objects are dynamically created then that is the createTimestamp to use.
Otherwise....maybe something happens when a computer is joined to the domain like software is deployed? Those file folders will have dates.
cs
Saturday, January 19, 2013 8:56 AM | 1 vote
Your only way is to check your eventlog, which is of course not possible when you want to track over a long period of time.
You could implement eventlog subscription on all your DCs, and on the subscriber save your log automatically every day. The subscription and backup solution are easy to put in place, but going through the logs when you want to track a computer object history is definitely slow, and not administrator friendly!
Life is short, Enjoy it now. Cyreli
Sunday, January 20, 2013 7:31 PM
If you look at pwdlastSet attribute and the box was joined within the default password expiration period (e.g. 90 days), that date will tell you when the computer was joined.
I run a weekly job in our AD which enumerates all computer accounts' pwdLastSet, lastlogontimestamp, whencreated, whenchanged attributes to detect which ones are not active and can be disabled. That script creates weekly dumps and logs, from that it's possible to track when a computer was joined/rejoined. Obviously, not a nice solution.
If you want better auditing, then I agree with some of the posts above, you'll need a 3rd party software, like Quest Intrust to gather security logs from DCs and create reports from them.
tompa
http://tompaps.blogspot.com
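The snapshot comparison described in the reply above, as an added PowerShell example that is not part of the original post: it diffs two weekly dumps and flags new objects and machine password changes that happened well before the scheduled rotation. The function name `Find-JoinCandidate`, the 30-day rotation and 3-day tolerance defaults, and the sample records are assumptions made for illustration; an early password change can also be a manual reset, so treat a hit as a lead to check rather than proof of a rejoin.

```powershell
# Added example: diff two weekly snapshots of computer accounts.
# A live snapshot could be taken with the ActiveDirectory module, e.g.:
#   Get-ADComputer -Filter * -Properties pwdLastSet, whenCreated |
#     Select-Object Name, whenCreated,
#       @{n='PwdLastSet'; e={[datetime]::FromFileTimeUtc($_.pwdLastSet)}}
function Find-JoinCandidate {
    param(
        [object[]] $Previous,
        [object[]] $Current,
        [int] $RotationDays  = 30,   # assumption: machine password rotation interval
        [int] $ToleranceDays = 3     # assumption: slack for machines that were offline
    )
    $seen = @{}
    foreach ($p in $Previous) { $seen[$p.Name] = $p }

    foreach ($c in $Current) {
        $p = $seen[$c.Name]
        if ($null -eq $p) {
            # Object did not exist in the earlier dump: whenCreated is the join date.
            [pscustomobject]@{ Name = $c.Name; Event = 'NewObject'; When = $c.WhenCreated }
        }
        elseif ($c.PwdLastSet -gt $p.PwdLastSet) {
            # Password changed between dumps. A change well before the scheduled
            # rotation suggests a rejoin or a manual account reset.
            $days = ($c.PwdLastSet - $p.PwdLastSet).TotalDays
            if ($days -lt ($RotationDays - $ToleranceDays)) {
                [pscustomobject]@{ Name = $c.Name; Event = 'EarlyPasswordChange'; When = $c.PwdLastSet }
            }
        }
    }
}

# Constructed sample snapshots (not real data).
$lastWeek = @(
    [pscustomobject]@{ Name = 'PC01'; WhenCreated = [datetime]'2012-11-05'; PwdLastSet = [datetime]'2013-01-04' }
    [pscustomobject]@{ Name = 'PC02'; WhenCreated = [datetime]'2012-11-05'; PwdLastSet = [datetime]'2012-12-10' }
)
$thisWeek = @(
    [pscustomobject]@{ Name = 'PC01'; WhenCreated = [datetime]'2012-11-05'; PwdLastSet = [datetime]'2013-01-15' }  # 11 days: flagged
    [pscustomobject]@{ Name = 'PC02'; WhenCreated = [datetime]'2012-11-05'; PwdLastSet = [datetime]'2013-01-09' }  # 30 days: normal rotation
    [pscustomobject]@{ Name = 'PC03'; WhenCreated = [datetime]'2013-01-14'; PwdLastSet = [datetime]'2013-01-14' }  # new object
)
Find-JoinCandidate -Previous $lastWeek -Current $thisWeek | Format-Table -AutoSize
```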
Tuesday, January 22, 2013 1:07 PM
Thanks guys, all great replies/ideas. Since the answer isn't as straightforward as I hoped here is more detail:
My goal is to provide a 2 week period for newly created windows 7 workstations for which all domain users are in the install mode, and after which point we want to only allow standard logons. So I have 2 OU's, and a nightly powershell that copies to and from based on whencreated. I'm trying to make my script work w/o having to manually delete computer account every time a rejoin is req'd.
Tuesday, January 22, 2013 1:21 PM | 1 vote
Thanks guys, all great replies/ideas. Since the answer isn't as straightforward as I hoped here is more detail:
My goal is to provide a 2 week period for newly created windows 7 workstations for which all domain users are in the install mode, and after which point we want to only allow standard logons. So I have 2 OU's, and a nightly powershell that copies to and from based on whencreated. I'm trying to make my script work w/o having to manually delete computer account every time a rejoin is req'd.
Didn't you get the answer to your question? You did but now want to morph it into a new question.
Why not mark it as correct and start a new thread or rename this the Jaime needs help doing his job thread? <--yes...I am saying this jokingly but there is some truth to it.
Tuesday, January 22, 2013 1:22 PM | 1 vote
BTW: you can also run a GPO that runs on first domain connect that writes a file or a log somewhere that indicates the join date.
Depending on your environment it is a better (or the only doable) solution when compared to whenCreated timestamp
Tuesday, January 22, 2013 4:48 PM
I think the answer to the question "any way to do this?" can be assumed to have been answered here as: "there is no way to do precisely what you want".
If there are other ways to accomplish what the real problem is, that should be a new thread, as the solution will still not be an answer to how to do something that is not possible.
Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.
Tuesday, January 22, 2013 5:16 PM
Not sure why you had to get snarky, but fair enough and thanks again for the helpful replies.
Tuesday, January 22, 2013 5:24 PM
You could also grant them reset computer password rights and give them a one-liner to reset the computer account before joining. Not sure if it's sufficient for you.
tompa
http://tompaps.blogspot.com
Tuesday, January 22, 2013 8:48 PM
Not sure why you had to get snarky, but fair enough and thanks again for the helpful replies.
Not sure who you feel was being snarky, but I don't think any of us were. The idea of marking this answered when there really is no answer to the question other than "it is not possible" is mainly for the benefit of others who might be looking for the same kind of information. Threads that remain unanswered or unresolved for a long time are not really useful.
Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.
Thursday, May 25, 2017 8:15 PM | 2 votes
This info is also in the NetSetup.LOG file. At least on Windows 7 machines. I haven't checked other OS's, but you could write a script to search that file on the remote machine.
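A script along the lines suggested in the reply above, as an added PowerShell example that is not part of the original post: it parses NetSetup.LOG text and returns each join attempt with its timestamp and result. The function name `Get-DomainJoinEvent`, the assumed line layout (`MM/dd/yyyy HH:mm:ss:fff` followed by the message, with `NetpDoDomainJoin: status: 0x0` marking success) and the sample log are assumptions; verify them against a real log from your OS build before relying on the output.

```powershell
# Added example: pull domain-join attempts out of NetSetup.LOG text.
# On a live machine the lines could come from, e.g.:
#   Get-Content "\\$computer\admin$\debug\NetSetup.LOG"
function Get-DomainJoinEvent {
    param([string[]] $LogLine)

    $fmt     = 'MM/dd/yyyy HH:mm:ss:fff'     # assumed timestamp layout
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    $domain  = $null

    foreach ($line in $LogLine) {
        # Skip separators, blank lines and anything without a timestamp prefix.
        if ($line -notmatch '^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}:\d{3})\s+(.*)$') { continue }
        $stamp, $msg = $Matches[1], $Matches[2]

        if ($msg -match '^NetpJoinDomain\s*$') {
            $domain = $null                  # a new join attempt begins
        }
        elseif ($msg -match '^Domain:\s*(\S+)') {
            $domain = $Matches[1]
        }
        elseif ($msg -match '^NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)') {
            [pscustomobject]@{
                Time      = [datetime]::ParseExact($stamp, $fmt, $culture)
                Domain    = $domain
                Status    = $Matches[1]
                Succeeded = ([Convert]::ToInt64($Matches[1], 16) -eq 0)
            }
        }
    }
}

# Constructed sample log (not from a real machine): one failed and one successful join.
$sample = @'
01/18/2013 14:50:11:102 NetpJoinDomain
01/18/2013 14:50:11:102     Machine: PC01
01/18/2013 14:50:11:102     Domain: corp.example.com
01/18/2013 14:50:13:480 NetpDoDomainJoin: status: 0x54b
01/22/2013 09:12:40:015 NetpJoinDomain
01/22/2013 09:12:40:015     Domain: corp.example.com
01/22/2013 09:12:44:731 NetpDoDomainJoin: status: 0x0
'@ -split '\r?\n'

# Most recent successful join.
Get-DomainJoinEvent -LogLine $sample | Where-Object Succeeded | Select-Object -Last 1
```

The log is written on the workstation itself, so anyone with local administrator rights can edit or delete it; use it as a convenience record, not as audit evidence.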
Wednesday, May 31, 2017 9:18 PM
Just open up the AD Users and Computers...change the View to 'Advanced Features' and then navigate to the computer you want to check, right-click and go to Properties, and check the 'Object' tab.
You should see a 'Created' date and 'Modified' date entries.
In my experience, the dates tend to be very accurate.
Thursday, June 20, 2019 3:52 PM
This info is also in the NetSetup.LOG file. At least on Windows 7 machines. I haven't checked other OS's, but you could write a script to search that file on the remote machine.
This, ladies and gentlemen, is the only correct answer.