You need to identify which servers were restarted during the last two days

Your network contains an Active Directory domain named adatum.com. The domain contains several
thousand member servers that run Windows Server 2012 R2.All of the computer accounts for the
member servers are in an organizational unit (OU) named ServersAccounts.
Servers are restarted only occasionally.
You need to identify which servers were restarted during the last two days.
What should you do?

A.
Run dsquery computer and specify the –staiepwd parameter.

B.
Run Get-ADComputer and specify the SearchScope parameter.

C.
Run Get-ADComputer and specify the IastLogon property.

D.
Run dsquery server and specify the –o parameter

Show Hint

← Previous question

Next question →

Leave a Reply 6

MCSE Guy

Meedo

get-adcomputer -properties lastlogondate

A: dsquery computer -stalepwdnumber_of_days – Searches for all computers that have not changedtheirpassword for the specified number_of_days. B: dsquery server -o {dn | rdn | samid} – Specifies the formatin which the list of entries found by the search willbe displayed: dn distinguished name of each entry , default;rdn relative distinguished name of each entry;samid SAM account name of each entry computer groupserver user; upn user principal name of eachentryuserC: Gets one or more Active Directory computers lastLogondate should be used D: SearchScope specifies thescope of an Active Directory search. Possible values for this parameter are:Base or 0; OneLevel or 1; Subtree or 2 – A Base query searches only the current path or object.AOneLevelquery searches the immediate children of that path or object. A Subtree query searches the currentpath orobject and all children of that path or object.

JamesL

IMO the answer is B

Reason:
A wrong because it searches for computers whose passwords have not changed for the number of days that you specify.

C wrong because lastlogon info is for the last logon time not last reboot

D wrong because the -o parameter determines if the output is in DN or RDN format

This leaves B – you would specify the searchscope as below
Searchscope specifies the scope of an Active Directory search.

Get-ADComputer -Filter * -SearchBase “OU=Domain Controllers,DC=company,DC=pri” | select Name | ForEach-Object {Get-WmiObject win32_OperatingSystem | select csname, lastbootuptime}

Im not a powershell guru but this example works although it needs converting to a readable date and time format if anyone can show how that is done

OK finally cracked it 🙂
This is the full command to convert the date and time to a more readable format

Get-ADComputer -Filter * -SearchBase “OU=Domain Controllers,DC=company,DC=pri” | select Name | ForEach-Object {Get-WmiObject win32_OperatingSystem | select csname,@{Label=”LastBootUpTime”;Expression={$_.ConverttoDateTime($_.lastbootuptime)}}}

Gerard Manvussa

Great JamesL!
However, this only shows the first entry of the server list and repeats it the number of computers there are.

I did:
$comp = Get-ADComputer -Filter * | Select -Exp Name
Get-WmiObject win32_OperatingSystem -Computer $comp | Select csname,@{Label=”LastBootUpTime”;Expression={$_.ConverttoDateTime($_.lastbootuptime)}}

I have 9 computer object in my lab ($comp.count). But the second command crashes after showing the first 3 object, then gives an error (The RPC server is unavailable). It seems Get-WmiObject needs to connect to the server, which needs to be up and have WMI firewall rules enabled.
Get-ADComputer is only here to list the computer objects, not getting the LastBootUpTime value.

There’s a great page about it:
http://www.powershelladmin.com/wiki/Find_last_boot_up_time_of_remote_Windows_computers_using_WMI