Monitoring with PowerShell: WAN IP changes and Active Directory ages

I’ve been super swamped the last couple of days, as we’re working on our ISO27001 audit in our office. This means most of my time is just being swallowed by auditors. I’ve decided to not break my streak in releasing my blogs on time so this time we’re covering some requests from our readers!

Monitoring WAN IP changes

This was requested by the Reddit user “EqualWorking1”. He wanted the ability to see when a WAN IP changes for one of his servers, as he suspected a ISP kept dropping the link every few minutes. The script needs to run once to create a base-line IP file, and runs the compare based on that.

$previousIP = get-content "$($env:ProgramData)/LastIP.txt" -ErrorAction SilentlyContinue | Select-Object -first 1
if (!$previousIP) { Write-Host "No previous IP found. Compare will fail." }
$Currentip = (Invoke-RestMethod -Uri "") -replace "`n", ""
$Currentip | out-file "$($env:ProgramData)/LastIP.txt" -Force

if ($Currentip -eq $previousIP) {
    write-host "Healthy"
else {
    write-host "External WAN address is incorrect. Expected $PreviousIP but received $Currentip"
    write-host @{ 
        CurrentIP = $Currentip
        previousIP = $previousIP
    exit 1

Monitoring old computer accounts on Active Directory

This one was requested by Johan, on the N-Central Slack channel. He wants to have the ability to alert when computers get older than a specific age. in his case, 90 days.

 $ENV:ComputerAge = 90
$age = (get-date).AddDays(-$ENV:ComputerAge)
$DomainCheck = Get-CimInstance -ClassName Win32_OperatingSystem
if ($DomainCheck.ProductType -ne "2") { write-host "Not a domain controller. Soft exiting." ; exit 0 }
$OldComputers = Get-ADComputer -Filter * -properties DNSHostName,Enabled,WhenCreated,LastLogonDate | select DNSHostName,Enabled,WhenCreated,LastLogonDate | Where-Object {$_.LastLogonDate -lt $age}

if (!$OldComputers) {
    write-host "Healthy - No computers older than $ENV:ComputerAge found."
else {
    write-host"Not Healthy - Computer accounts found older than $ENV:ComputerAge  days"
    write-host @($OldComputers)

Monitoring old user accounts on Active Directory

And this one was just added for myself. I like knowing if accounts haven’t been logged onto in some time 🙂

 $ENV:UserAge = 30
$age = (get-date).AddDays(-$ENV:UserAge)
$DomainCheck = Get-CimInstance -ClassName Win32_OperatingSystem
if ($DomainCheck.ProductType -ne "2") { write-host "Not a domain controller. Soft exiting." ; exit 0 }
$OldUsers = Get-ADuser-Filter * -properties UserPrincipalName, Enabled, WhenCreated, LastLogonDate | select UserPrincipalName, Enabled, WhenCreated, LastLogonDate | Where-Object { $_.LastLogonDate -lt $age }

if (!$OldUsers) {
    write-host "Healthy"
else {
    write-host "Not Healthy - Users found that havent logged in for $ENV:UserAge days"
    write-host @($OldUsers)

And that’s it this time! short but sweet. I hope you enjoyed and if there is any more requests. Let me know! 🙂 As always, Happy powerShelling.


  1. Riley February 22, 2020 at 9:30 pm

    Monitoring old user accounts on Active Directory

    Get-ADuser-Filter should be Get-ADuser -Filter (space before -Filter)

    1. Kelvin Tegelaar February 23, 2020 at 12:57 pm

      Thanks! wordpress sometimes screws up formatting a bit.

  2. Matthias May 8, 2020 at 1:03 am

    If I’m reading this correctly you are not excluding disabled accounts for both the AD scripts, just listing the enabled status.
    This is problematic in Datto RMM since that means if there is any output it always triggers an alert state.
    Something like this would exclude?
    Where-Object { $_.Enabled -eq $true }

    1. Kelvin Tegelaar May 8, 2020 at 9:10 am

      Correct! You can exclude disabled accounts using your method, or changing the filter to ‘Enabled eq true’. The Where-object option is much faster though.

  3. Alan Miller June 25, 2020 at 11:03 pm

    For getting the current IP, not sure if this would work better for you or not (shamelessly swiped from serverfault):
    Resolve-DnsName -server -type A | select -expand IP4Address

  4. Cliff Waite June 26, 2020 at 6:41 pm

    Kelvin, How about adding into the PS scripts the ability to move those old coomputer/AD accounts to a “disabled (PC/User)” OU automatically? Is that possible?

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.