Active Directory | Stephen Hackers Blog

Jul 11, 2018

List Computer Object in an Active Directory OU using PowerShell

By Steve in DS Commands, Microsoft, Microsoft Server 2016, Powershell Tag Active Directory, export-csv, Filter, Get-ADComputer, List AD object, PowerShell, Searchbase, Windows 2016

How to get a list of computer objects in an active directory OU ( tested against Windows 2016 Active Directory )

A quick PowerShell script using Get-ADComputer command, a wild card filter and a search base pointing to a specific OU

First import modules for active directory in powershell

Copy and edit the script below:

## cmd

## dsquery computer -name servername (server name in the OU to get the OU path)

#Example lists domain controller in test.com

#Export list of names to CSV

Get-ADComputer -Filter * -SearchBase “OU=Domain Controllers,DC=test,DC=com” | Select Name | export-csv C:\temp\DCs.csv

( Like the post click and advert of interest to give us support)

May 4, 2018

Get-AdUser -Filter {Multiple Filters Complex } -Properties | Export to CSV

By Steve in Microsoft, Microsoft Server 2016, Microsoft Windows Server 2012, Powershell Tag Active Directory, Filters, Get-ADUser, PowerShell, Windows, Windows 2016

#Import AD modules

import-module servermanager
Add-WindowsFeature -Name “RSAT-AD-PowerShell” -IncludeAllSubFeature

#List AD user accounts and show DisplayName, Email, Title and export to CSV

Get-ADUser -Filter * -Properties DisplayName, EmailAddress, Title | select DisplayName, EmailAddress, Title | Export-CSV “C:\temp\Email_Addresses.csv”

#List AD user accounts and show DisplayName, Email, Title and export to CSV. Advanced filter to show ENABLED accounts only

Get-ADUser -Filter {Enabled -eq $true} -Properties DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | select DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | Export-CSV “C:\temp\Email_Addresses_allusers.csv”

#List AD user accounts and show DisplayName, Email, Title and export to CSV. Advanced filter to show ENABLED accounts only and email address ending @test.com

Get-ADUser -Filter {(Enabled -eq $true) -And (EmailAddress -Like “*@test.com”)} -Properties DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | select DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | Export-CSV “C:\temp\Email_Addresses_testdomain.csv”

May 2, 2018

Get a list of inactive computers which have not logged on to the domain in the last 12 weeks

By Steve in DS Commands, Microsoft, Microsoft Server 2016, Microsoft Windows Server 2008, Microsoft Windows Server 2012 Tag Active Directory, DSQUERY, Scripting, Windows

# Inactive computers ( this will include systems not regularly used)

# Launch command prompt as administrator and run the following commands

Dsquery computer -inactive 12 -limit 500

# Lists computers inactive for over 12 weeks and returns a limit of 500 results

Dsquery computer -inactive 12 -limit 500 | dsmod computer -disabled

# Lists computers inactive for over 12 weeks and returns a limit of 500 results and disables the computer accounts

# Similar command can be done for users.

May 2, 2018

Get a list of active computers which have logged on to the domain in the last 7 days

By Steve in Microsoft, Microsoft Server 2016, Powershell Tag Active, Active Directory, Computer Accounts, PowerShell

# Trying to work out is servers, laptops or desktops have been decommissioned
# Try this script
# Get a list of active computers which have logged on to the domain in the last 7 days

$Date = (Get-Date).AddDays(-7)
Get-ADComputer -Filter {LastLogonDate -gt $Date} | Select distinguishedName

# https://social.technet.microsoft.com/Forums/windows/en-US/4d412730-5937-48c2-bf17-0dc9db013241/list-active-computers-in-ad?forum=winserverDS
# Credit to Richard Mueller – MVP Enterprise Mobility (Directory Services)