I have a task to get the number of computers connected to a certain Active Directory, grouped by OS.
I figured out how to find out the name of the OS installed on a certain computer:
Get-ADComputer -Filter * -Properties * | Select-Object -ExpandProperty OperatingSystem
I am having a hard time understanding, how should I group and then count the different kind of operating system in powershell. Also in the testing enviroment I got set up, I only have one computer connected to the AD, so I really don't have room to test out my ideas. I have requested some additional virtual machines to be connected to the AD, but I would like to figure the how until I get those.
As suggested in the comments by #Scepticalist - Group-Object is the tool designed for this specific purpose.
Get-ADComputer -Filter * -Properties OperatingSystem | group-object OperatingSystem | select name,count
All Windows Servers
Get-ADComputer -Filter {operatingsystem -like 'server'} -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address,lastlogondate | Export-Csv c:\temp\WinServers6.csv
All Windows clients
Get-ADComputer -Filter {operatingsystem -notlike 'server'} -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address,lastlogondate | Export-Csv c:\temp\WinClients.csv
All Computers in AD
Get-ADComputer -Filter * -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address
Related
I'm trying to get to:
Remote Sites
MyCity
Computers
and get a list of all the computers.
Here's what I have so far:
Get-ADComputer -Filter * -SearchBase "OU=MyCity,DC=MyDomain,DC=com" |
Select -Property Name, DNSHostName, Enable, LastLogonDate
I'm trying to retrieve only enabled users in the AD. When I run this code line it returns the error. I tried using a filter as well to filter only enabled users for the requested info but it returns ALL users from every domain instead of just the single id.
Get-ADUser : A positional parameter cannot be found that accepts argument 'enabled -eq 'true''.
This is my code that is throwing the error.
Get-ADGroupMember -Identity 'Animal Shop A' | Get-ADUser -Filter '*' | Get-ADUser Where "enabled -eq 'true'" | Get-ADUser -Properties ('Mail')
This one returns ALL users from every domain
Get-ADGroupMember -Identity 'Animal Shop A' | Get-ADUser -Filter "enabled -eq'true'" | Get-ADUser -Properties ('Mail')
Is my syntax wrong on both of them? If I just want to return values from say "Animal shop A" and then "Animal Shop B"
.. or a little bit shorter this way:
Get-ADUser -Filter 'enabled -eq $true' -Properties mail |
Select-Object -Property Name,samaccountname,mail
Besides this I would recommend to use a -SearchBase. That's less stressful for the AD. ;-)
Get-ADUser -Filter * -Properties mail | Where { $_.Enabled -eq $True} | Select Name,samaccountname,mail
That will get all enabled users in your target domain that are enabled and display the name, username, and mail properties
Important to know for both commands:
You must work with an elevated powershell process.
Otherwise the result may not be complete.
get-aduser -filter 'enabled -eq "true"' -ResultSetSize $Null
simply try below commands in powershell as administrator permission.
As a guide, the first part will filter users, second part filtered enabled users and last part will give you export of results.
Get-ADUser -Filter * -Property Enabled | Where-Object {$_.Enabled -like “false”} | Export-Csv -Path C:\eport.csv -Encoding ascii -NoTypeInformation
hope to be useful for you.
I have the below LDAP query (from my previous question answered by Bill_Stewart) in my script that returns all computers from Get-ADComputer for Windows 7, with some exclusions.
$computersFilter= "(&(operatingSystem=*Windows 7*)(name=*-*)(!name=V7-*)(!name=*-none)(!name=*-oncall)(!name=*-blackbaud)(!name=sc-win7-1)(!name=ut-swclient-01))"
and it works fine with the below call to Get-ADComputer:
$computers= Get-ADComputer -LDAPFilter $computersFilter -Property LastLogonDate | Select-Object Name,LastLogonDate
$computers | Select Name, LastlogonDate | Export-Csv $ServiceTagsPath -NoTypeInformation
However, I want to have my query return all computers with Windows 7 and above but when I change it like so:
(&(operatingSystem=*Windows 7*)(operatingSystem=*Windows 8*)(operatingSystem=*Windows 10*)
nothing is returned into the $computers variable.
So what's the right way to write an LDAP query to return all operating system versions Windows 7 and above?
After some help from Rob in the comments, and some more research, I found that the correct way is to use OR, and the operator is |
like so:
$computersFilter= "(&(|(operatingSystem=*Windows 7*)"
$computersFilter+= "(operatingSystem=*Windows 8*)"
$computersFilter+= "(operatingSystem=*Windows 8.1*)"
$computersFilter+= "(operatingSystem=*Windows 10*))"
$computersFilter+= "(name=*-*)(!name=V7-*)(!name=*-none)(!name=*-oncall)"
$computersFilter+= "(!name=*-blackbaud)(!name=sc-win7-1)(!name=ut-swclient-01))"
$computers= Get-ADComputer -LDAPFilter $computersFilter
-Property * | Select-Object Name, OperatingSystem, LastLogonDate
$computers | Select Name, OperatingSystem, LastLogonDate |
Export-Csv $ServiceTagsPath -NoTypeInformation
References:
IBM LDAP Search Filter Expressions
MSDN - LDAP Query Basics
Trying to list all computers with their OS information that belong to another trusted domain, but OperatingSystem and OperatingSystemVersion returns blank values:
Get-ADComputer -Filter * -Properties Name, OperatingSystem, OperatingSystemVersion -SearchBase "" -Server OtherDomain.com.au:3268 | Format-Table Name, OperatingSystem, OperatingSystemVersion
Only the Name property is populated.
If I run this, it returns alot of info, but the OS info is all blank:
Get-ADComputer -Filter * -Properties * -SearchBase "" -Server OtherDomain.com.au:3268
If I run this command on the "OtherDomain" it works just fine:
Get-ADComputer -Filter * -Properties Name, OperatingSystem, OperatingSystemVersion | Format-Table Name, OperatingSystem, OperatingSystemVersion
I get all 3 information I want. Is there some security issue here that I am encountering when I run it from a different domain? I can browse through Active Directory Users and Computers (dsa.msc) and see the OS information of computers in the other domain without a problem too.
I'm using Powershell 3.0
Get-ADComputer -Filter * -Properties Name, OperatingSystem, OperatingSystemVersion -SearchBase "DC=OtherDomain,DC=com,DC=au" -Server "OtherDomain.com.au" | Format-Table Name, OperatingSystem, OperatingSystemVersion
Had to include a value in the Searchbase parameter (cdidn't work with a null value) and remove the port number from the Server parameter value.
I am using the powershell command below to get a list of computers that havent been logged into in the past 60 days. This is returning all OU computers. Is it possible to change the line below to return from a certain OU?
Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $then} | FT Name,lastLogonDate
From the online help page try using -SearchBase filter
C:\PS>Get-ADComputer -LDAPFilter "(name=*laptop*)" -SearchBase "CN=Computers,DC=Fabrikam,DC=com"