How to get last boot time of remote computers using PowerShell and ADAudit Plus
System administrators access remote computers for a myriad of reasons such as for patches, regular updates, installations, and resolving technical issues. Many updates and installations require a system reboot to actually come into effect.
When troubleshooting a server or an end user, most IT admins want to know when the machine was last rebooted to take further steps. How can system administrators checkthe last time users initiated a reboot from a remote location?
Native tools like Windows PowerShell and third-party tools like ADAudit Plus can provide insights to identify the same.
The following is a comparison between obtaining the last boot time of remote computers report using Windows PowerShell and ADAudit Plus:
Windows PowerShell
Steps to obtain the last boot time of remote computers using PowerShell:
- Identify the domain from which you want to retrieve the report.
- Identify the LDAP attributes you need to fetch the report.
- Identify the primary DC to retrieve the report.
- Compile the script.
- Execute it in Windows PowerShell.
- The report will be exported in the given format.
- To obtain the report in a different format, modify the script accordingly.
Sample Windows PowerShell Script:
Get-CimInstance -ClassName
win32_OperatingSystem | select csname,
lastbootuptime
ADAudit Plus
To obtain the report,
- Login to ADAudit Plus web console as an administrator.
- Navigate to the Reports tab and from the Local Logon-Logoff section in the left pane, select Computer Startup and Shutdown report.
- Select the domain and click Generate.
- Select Export As to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).
There are three possible ways for employees to connect to the organization's network from a remote location:
- Employee connects using VPN: In this case, it works just like a device that is connected to the organization's network. All the logs are read, and we get the startup time.
- Employee doesn't connect using VPN, and has no agent installed: Until connection with the DC is established again, there is no communication. But once it is established, the logs are available. However, there is a chance for loss of data.
- Employee doesn't connect using VPN, has agent installed: Until connection with the DC is established again, there is no communication. But once it is established, we get to see the logs. There is no chance of log data loss.
Here are some of the obvious drawbacks of using native tools like Windows PowerShell:
- We can run this script only from the computers which has Active Directory Domain Services role.
- It's difficult to change date formats, and apply different time zones on the date results.
- It is difficult to export the report in file formats other than CSV.
- Applying more filters, like OU or 'User name starts with' will increase the LDAP query complexity
ADAudit Plus will generate the last boot time of remote computers report in a simple and intuitively designed UI.
