Home / Solution / Get-ADComputer: Find Computer Details in Active Directory with PowerShell

Get-ADComputer: Find Computer Details in Active Directory with PowerShell

You can use the PowerShell cmdlet Get-ADComputer to get numerous details about laptop account objects (servers and workstations) from Active Directory area. This is among the most helpful cmdlets for looking AD computer systems by numerous standards (to get details about AD consumer accounts, one other cmdlet is used – ).

Contents:

  • Get-ADComputer – Cmdlet Syntax
  • Get-ADComputer – Examples

Suppose your activity is to seek out all inactive computer systems in Active Directory that haven’t been registered in a site for greater than 120 days and disable these accounts.

Before utilizing Get-ADComputer cmdlet, you must import Active Directory Module for Windows PowerShell with the command:

Import-Module activedirectory

Tip. In PowerShell three.zero (launched in Windows Server 2012) or later, this module is imported by default, if the next part is put in: Remote Server Administration Tools -> Role Administration Tools -> AD DS and AD LDS Tools -> Active Directory module for Windows PowerShell. To use the Get-ADComputer cmdlet in the desktop OSs (Windows 10, eight.1 or Windows 7), you will need to obtain and set up the on your model of the OS and allow the AD-Powershell module from the Control Panel or utilizing the command:

Enable-WindowsOptionalFeature -Online -FunctionName RSATClient-Roles-AD-Powershell

Get-ADComputer – Cmdlet Syntax

You can get assistance on Get-ADComputer cmdlet parameters as regular with Get-Help command:

Get-Help Get-ADComputer

To get data from AD utilizing the cmdlets from the AD for PowerShell module, you don’t must have the area admin privileges. It is adequate that the account beneath which the cmdlet is being run is a member of the Domain Users / Authenticated Users group.

To get details about a particular laptop account in the area, specify its identify as an argument of the -Identity parameter:

Get-ADComputer -Identity SRV-DB01

DistinguishedName : CN=SRV-DB01,OU=Servers,OU=London,OU=UK,DC=woshub,DC=com
DNSHostName       : SRV-DB01.woshub.com
Enabled           : True
Name              : SRV-DB01
ObjectClass       : laptop
ObjectGUID        : 87654321-1234-5678-0000-123412341234
SamAccountName    : SRV-DB01$
SID               : S-1-5-21-123456780-1234567890-0987654321-1234
UserPrincipalName :

The cmdlet Get-ADComputer returned solely the fundamental properties of the Computer object from AD. We have an interest in the time of the final laptop registration in the AD area, however this data just isn’t displayed in the output of the command above. You can checklist all accessible properties of this laptop object from Active Directory:

Get-ADComputer -Identity SRV-DB01 -Properties *

Using Get-Member, you may get an inventory of all of the properties of the Computer class in AD:

Get-ADComputer -Filter * -Properties * | Get-Member

As you possibly can see, the final logon date of this laptop to the community is specified in the pc’s attribute LastLogonDate – 09/21/2015 zero:20:17.

The Get-ADComputer cmdlet means that you can show any of the pc’s properties in the command outcomes. Remove all pointless data leaving solely values of Name and LastLogonDate attributes.

Get-ADComputer -identity SRV-DB01 -Properties * | FT Name, LastLogonDate -Autosize

So, we acquired knowledge on the final time of registration in the area for a single laptop. Then you must modify the command to make it show the details about the time of the final community registration for all computer systems in the area. To do it, substitute –Identity to –Filter *:

Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize

We bought a easy desk that incorporates solely 2 fields: laptop identify and LastLogonData date. You can add different fields of the Computer object from AD to this desk.

To show the details about the pc objects in a specific OU (organizational unit), use the –SearchBase parameter:

Get-ADComputer -SearchBase ‘OU=Paris,DC=woshub,DC=loc’ -Filter * -Properties * | FT Name, LastLogonDate -Autosize

Sort the question outcomes by the date of the final logon utilizing the Sort cmdlet:

Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize

So, we’ve bought the checklist of computer systems and the date they final logged on to the Active Directory area. Now we wish to disable the pc accounts that weren’t used for 120 days or extra.

Using Get-Date we are able to get the worth of the present date in the variable and cut back it to 120 days:

$date_with_offset= (Get-Date).AddDays(-120)

The ensuing date variable can be utilized as a filter of Get-ADComputer question in LastLogonDate subject:

Get-ADComputer -Properties LastLogonDate -Filter | Sort LastLogonDate | FT Name, LastLogonDate -Autosize

So we’ve created an inventory of inactive laptop accounts that haven’t been registered on the community for greater than 120 days. Use the Disable-ADAccount or Set-ADComputer command to disable them.

TipFor the primary time, it’s higher to check the outcomes of the command with the –WhatIf change, which permits to see what occurs if the command has been run with no adjustments to the system.

Get-ADComputer -Properties LastLogonDate -Filter | Set-ADComputer -Enabled $false -whatif

Now you possibly can disable all inactive laptop accounts:

Get-ADComputer -Properties LastLogonDate -Filter | Set-ADComputer -Enabled $false

Note. Also you may get an inventory of blocked, disabled and inactive computer systems and area customers utilizing a separate cmdlet .

Get-ADComputer – Examples

Below are some extra helpful examples of utilizing the Get-ADComputer cmdlet to question and search laptop objects in the area by particular standards.

Get the overall variety of all lively (unlocked) computer systems in Active Directory:

(Get-ADComputer -Filter ).depend

Calculate the variety of Windows Server situations in the AD area:

(Get-ADComputer -Filter ).depend

Get an inventory of computer systems in a particular OU whose names start with LonPC:

Get-ADComputer -Filter -SearchBase ‘OU=London,DC=woshub,DC=com’  -Properties IPv4Address | Format-table Name,DNSHostName,IPv4Address | ft -Wrap –Auto

When looking in the OU, you should utilize the extra parameter -SearchScope 1, which implies that it’s essential to search solely in the OU root. The -SearchScope 2 choice signifies a recursive seek for computer systems in all nested OUs.

To discover all workstation computer systems working Windows 10:

Get-ADComputer -Filter

Get the checklist of servers in the area with the OS model, Service Pack put in and IP deal with:

Get-ADComputer -Filter 'operatingsystem -like "*Windows server*" -and enabled -eq "true"' -Properties  Name,Operatingsystem, OperatingSystemVersion, OperatingSystemServicePack,IPv4Address | Sort-Object -Property Operatingsystem | Select-Object -Property Name,Operatingsystem, OperatingSystemVersion, OperatingSystemServicePack, IPv4Address| ft -Wrap –Auto

The output was such a lovely desk with an inventory of Windows Server in the AD:

The -LDAPFilter attribute means that you can use numerous LDAP queries as a parameter of the Get-ADComputer cmdlet, for instance:

Get-ADComputer -LDAPFilter "(identify=*db*)"|ft

Find all disabled computer systems in a particular Active Directory OU:

Get-ADComputer -filter * -SearchBase ‘OU=Computers,OU=London,DC=woshub,dc=com’ | Where-Object

To delete all laptop accounts that haven’t been logged into the area for greater than 6 months, you should utilize the command:
Get-ADComputer -properties lastLogonDate -filter * | the place | Remove-ADComputer

The results of the Get-ADComputer command might be exported to a plain textual content file:

Get-ADComputer -Filter -Properties OperatingSystem | Select DNSHostName, OperatingSystem | Format-Table -AutoDimension C:Scriptserver_system.txt

You can even get an inventory of computer systems and export it to a CSV file:

Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack | Export-CSV All-Windows.csv -NoTypeInformation -Encoding UTF8

Or get an HTML report file with an inventory of computer systems and obligatory properties:

Get-ADComputer -Filter -Properties * | Select-Object Name,OperatingSystem | ConvertTo-Html | Out-File C:psad_computers_list.html

To carry out a particular motion with all of the computer systems in the ensuing checklist, you will need to use the Foreach loop. In this instance, we wish to create an inventory of servers in the area and request particular data from every server (the consequence file ought to include the server identify, producer and server mannequin).

$Computers = Get-ADComputer -Filter
Foreach ($Computer in $Computers)

You can use a shorter loop syntax. Suppose it’s essential to run a particular command on all computer systems in a particular OU (in this instance, I wish to run a bunch coverage replace command on all servers):

get-adcomputer -SearchBase "OU=Servers,DC=woshub,DC=com" -Filter * | %

Using Get-AdvertComputer and the , you possibly can management numerous laptop settings. For instance, I monitor the standing of the SCCM agent (service) on customers’ computer systems. A small logon script is executed on every laptop throughout startup, which saves the ccmexec service standing to a unused laptop attribute – extensionAttribute10.

Then, utilizing the next command, I can discover computer systems on which the CCMExec service is lacking or not working.

get-adcomputer -filter -SearchBase “OU=Compters,OU=London,DC=woshub,DC=com” -properties dNSHostName,extensionAttribute10,LastLogonDate  |select-object dNSHostName,extensionAttribute10,LastLogonDate

Check Also

Managing Microsoft Office Settings with GPO Administrative Templates

To centrally handle the settings of Microsoft Office applications (Word, Excel. Outlook, Visio, PowerPoint, and …

Leave a Reply

Your email address will not be published. Required fields are marked *