List Computer Object in an Active Directory OU using PowerShell

How to get a list of computer objects in an active directory OU ( tested against Windows 2016 Active Directory )

A quick PowerShell script using Get-ADComputer  command, a wild card filter and a search base pointing to a specific OU

 

First import modules for active directory in powershell

 

Copy and edit the script below:

## cmd

## dsquery computer -name servername (server name in the OU to get the OU path)

#Example lists domain controller in test.com

#Export list of names to CSV

Get-ADComputer -Filter * -SearchBase “OU=Domain Controllers,DC=test,DC=com” | Select Name | export-csv C:\temp\DCs.csv

 

( Like the post click and advert of interest to give us support)

Get-AdUser -Filter {Multiple Filters Complex } -Properties | Export to CSV

#Import AD modules

import-module servermanager
Add-WindowsFeature -Name “RSAT-AD-PowerShell” -IncludeAllSubFeature

#List AD user accounts and show DisplayName, Email, Title and export to CSV

Get-ADUser -Filter * -Properties DisplayName, EmailAddress, Title | select DisplayName, EmailAddress, Title | Export-CSV “C:\temp\Email_Addresses.csv”

#List AD user accounts and show DisplayName, Email, Title and export to CSV. Advanced filter to show ENABLED accounts only

Get-ADUser -Filter {Enabled -eq $true} -Properties DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | select DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | Export-CSV “C:\temp\Email_Addresses_allusers.csv”

#List AD user accounts and show DisplayName, Email, Title and export to CSV. Advanced filter to show ENABLED accounts only and email address ending @test.com

Get-ADUser -Filter {(Enabled -eq $true) -And (EmailAddress -Like “*@test.com”)} -Properties DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | select DisplayName, SamAccountName, EmailAddress, Enabled, DistinguishedName | Export-CSV “C:\temp\Email_Addresses_testdomain.csv”

Get a list of inactive computers which have not logged on to the domain in the last 12 weeks

# Inactive computers ( this will include systems not regularly used)

# Launch command prompt as administrator and run the following commands

Dsquery computer -inactive 12 -limit 500

# Lists computers inactive for over 12 weeks and returns a limit of 500 results

Dsquery computer -inactive 12 -limit 500 | dsmod computer -disabled

# Lists computers inactive for over 12 weeks and returns a limit of 500 results and disables the computer accounts

 

# Similar command can be done for users.

 

Get a list of active computers which have logged on to the domain in the last 7 days

# Trying to work out is servers, laptops or desktops have been decommissioned
# Try this script
# Get a list of active computers which have logged on to the domain in the last 7 days

$Date = (Get-Date).AddDays(-7)
Get-ADComputer -Filter {LastLogonDate -gt $Date} | Select distinguishedName

# https://social.technet.microsoft.com/Forums/windows/en-US/4d412730-5937-48c2-bf17-0dc9db013241/list-active-computers-in-ad?forum=winserverDS
# Credit to Richard Mueller – MVP Enterprise Mobility (Directory Services)