Ways to find out if an old server is still in use?

I received a list of 200 servers on the internal domain and I am tasked with determining if they could be end of life. Unfortunately, I've only worked here a month, so I do not know what most of these are even for. I've sent out the list to many teams and only got a couple of responses. They want this list by EOD tomorrow. 90% are VMware VMs. Most are on Windows Server 2008. A lot of SQL servers and IIS servers based on their names.

Ways to find out if a server is still in use?

  • I don't think I can rely on the last login, because they are SQL and IIS servers. Most of them haven't been logged into in a long time.
  • I was thinking of looking up the latest events in the Event Log, but that would take forever to do manually, and I wouldn't be able to meet my deadline.

For SQL Server and IIS, you can actually check application logs for actual usage; on SQL Server you have to enable connection logging (see https://stackoverflow.com/questions/6769099/where-are-sql-server-connection-attempts-logged), on IIS log files are automatically generated unless someone has turned off logging.

But, as Stuggi said in his answer, this is an impossible task in so brief a time, and also you can't prove that a server is definitely not needed anymore just because nobody is currently using it (add sad story about an offline root certification authority which got deleted because nobody remembered what that server was doing there, and hey, it's turned off, what better proof that it's not in use?).

The best approach in such a short timeframe is to just turn the servers off. If nobody complains about them after a month or so, you can get rid of the VMs (after backing them up, because you never know...).


First of all, that task is impossible without previous knowledge. A project like that could easily take weeks if not months, since you rarely can find somebody in an organisation that can definitely say that something isn't needed anymore. Futhermore, you can never truly trust logs for that task either, since proving that nobody is using some resource can be rather hard, what if that server for example only is used every other month?

But, what you can do is catalogue all servers that are running software or operating systems that are end-of-life due to no longer being supported by the vendor.

Start with the operating systems, anything older than Windows Server 2012 are not supported by Microsoft anymore, and should have been replaced already. Windows Server 2012 is also already in extended support, so it's should also be phased out within 2 years.

Then you just need to go through all servers with supported OSs and check if they are running any software that's EOL, for example MS SQL Server or Exchange. Anything EOL should again be upgraded or phased out if no longer needed.

Microsoft products EOL dates can be checked here (Windows Server 2003 for example)

It's also a lot more effective to get responses from departments if you aren't asking them what something is for, and instead tell them that by this and that date the following servers will be terminated if nobody has no further use for them.

If you still want to go down the route of log analysis, Splunk has a free tier that allows you to import quite a lot of data 2 times per month if memory serves, and they also have a quite good toolkit for log analysis on Windows servers.