LDAP Query for Active-Directory Get-ADComputer in PowerShell - powershell

I have the below LDAP query (from my previous question answered by Bill_Stewart) in my script that returns all computers from Get-ADComputer for Windows 7, with some exclusions.
$computersFilter= "(&(operatingSystem=*Windows 7*)(name=*-*)(!name=V7-*)(!name=*-none)(!name=*-oncall)(!name=*-blackbaud)(!name=sc-win7-1)(!name=ut-swclient-01))"
and it works fine with the below call to Get-ADComputer:
$computers= Get-ADComputer -LDAPFilter $computersFilter -Property LastLogonDate | Select-Object Name,LastLogonDate
$computers | Select Name, LastlogonDate | Export-Csv $ServiceTagsPath -NoTypeInformation
However, I want to have my query return all computers with Windows 7 and above but when I change it like so:
(&(operatingSystem=*Windows 7*)(operatingSystem=*Windows 8*)(operatingSystem=*Windows 10*)
nothing is returned into the $computers variable.
So what's the right way to write an LDAP query to return all operating system versions Windows 7 and above?

After some help from Rob in the comments, and some more research, I found that the correct way is to use OR, and the operator is |
like so:
$computersFilter= "(&(|(operatingSystem=*Windows 7*)"
$computersFilter+= "(operatingSystem=*Windows 8*)"
$computersFilter+= "(operatingSystem=*Windows 8.1*)"
$computersFilter+= "(operatingSystem=*Windows 10*))"
$computersFilter+= "(name=*-*)(!name=V7-*)(!name=*-none)(!name=*-oncall)"
$computersFilter+= "(!name=*-blackbaud)(!name=sc-win7-1)(!name=ut-swclient-01))"
$computers= Get-ADComputer -LDAPFilter $computersFilter -Property * | Select-Object Name, OperatingSystem, LastLogonDate
$computers | Select Name, OperatingSystem, LastLogonDate |
Export-Csv $ServiceTagsPath -NoTypeInformation
References:
IBM LDAP Search Filter Expressions
MSDN - LDAP Query Basics
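
The filter from this thread can also be assembled from lists instead of hand-concatenated strings. The sketch below is an added example, not code from the original posts; the function names are hypothetical. It writes NOT in the RFC 4515 form `(!(attr=value))` and escapes reserved characters so that a name taken from a file or from user input cannot change the structure of the filter.

```powershell
# Added example; ConvertTo-LdapLiteral and New-ComputerInventoryFilter are hypothetical helpers.
function ConvertTo-LdapLiteral {
    # Escape the characters RFC 4515 reserves inside a filter value.
    # The backslash is replaced first so later escapes are not re-escaped.
    param([string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function New-ComputerInventoryFilter {
    param(
        [Parameter(Mandatory)][string[]]$OsName,   # OR-ed substrings of operatingSystem
        [string[]]$ExcludeName    = @(),           # exact names, fully escaped
        [string[]]$ExcludePattern = @()            # name patterns; '*' stays a wildcard
    )
    $anyOs = @($OsName | ForEach-Object { "(operatingSystem=*$(ConvertTo-LdapLiteral $_)*)" })
    $exact = @($ExcludeName | ForEach-Object { "(!(name=$(ConvertTo-LdapLiteral $_)))" })
    $glob  = @($ExcludePattern | ForEach-Object {
        # Escape each piece between the wildcards, then put the '*' back.
        $pieces = @($_ -split '\*' | ForEach-Object { ConvertTo-LdapLiteral $_ })
        "(!(name=$($pieces -join '*')))"
    })
    # Shape: (& (| os1 os2 ...) (name=*-*) (!(...)) (!(...)) )
    '(&(|{0})(name=*-*){1})' -f ($anyOs -join ''), (($exact + $glob) -join '')
}

# Values taken from the question; '*Windows 8*' already matches Windows 8.1.
$filter = New-ComputerInventoryFilter -OsName 'Windows 7', 'Windows 8', 'Windows 10' `
    -ExcludePattern 'V7-*', '*-none', '*-oncall', '*-blackbaud' `
    -ExcludeName 'sc-win7-1', 'ut-swclient-01'
$filter

# Requires the ActiveDirectory module and a reachable domain controller:
# Get-ADComputer -LDAPFilter $filter -Properties OperatingSystem, LastLogonDate
```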

Related

Get ADcomputer Build windows extend

I wanted to know if I can retrieve via script or PowerShell command the extended build of Windows in order to make a report of the computers which received the last patch and those which are in later version.
What I want
For the moment I found this command but I only get the Windows build.
It only allows me to know which version of Windows 10 the computers have:
Get-ADComputer -Filter * -Properties OperatingSystemVersion | Select-Object -Property Name, OperatingSystemVersion
Thanks
try this:
get-ADComputer -Filter * -Properties OperatingSystemVersion, operatingSystem, name | #
Where-Object {($_.operatingSystem -like "Windows*")} |
Select-Object name, OperatingSystemVersion | sort name #or OperatingSystemVersion
If you want a build version:
(Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion" -Name "UBR").UBR
By
Invoke-Command -ComputerName name -ScriptBlock {}
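
The two pieces from the answer above (the UBR registry value and Invoke-Command) combined into one patch-level report. This is an added example, not code from the original posts; it assumes PowerShell remoting (WinRM) is enabled on the targets, and the output path is a placeholder.

```powershell
Import-Module ActiveDirectory

# Enabled Windows 10 computer accounts only.
# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; bit 2 = ACCOUNTDISABLE.
$ldap  = '(&(operatingSystem=Windows 10*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
$names = @(Get-ADComputer -LDAPFilter $ldap | Select-Object -ExpandProperty Name)

# Read CurrentBuild and UBR (update build revision) on every host in parallel.
$report = @(Invoke-Command -ComputerName $names -ErrorAction SilentlyContinue -ScriptBlock {
    $cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    [pscustomobject]@{
        Build     = [int]$cv.CurrentBuild
        UBR       = [int]$cv.UBR
        FullBuild = '{0}.{1}' -f $cv.CurrentBuild, $cv.UBR
    }
})

# Lowest patch level first, so hosts that missed the latest update sort to the top.
$report | Sort-Object Build, UBR |
    Select-Object PSComputerName, FullBuild |
    Export-Csv -Path .\build-report.csv -NoTypeInformation   # placeholder path

# Hosts that did not answer have no build data and need a separate follow-up.
$names | Where-Object { $_ -notin $report.PSComputerName } |
    Set-Content -Path .\build-report-unreachable.txt         # placeholder path
```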

Extract Info AD Attribute from Powershell

I am trying to run a PS script on all AD groups within the domain. I want to select the info attribute within the AD properties as this includes additional information.
I am trying to use the below script. I am getting the correct results; however, the info attribute never appears to be outputted. Any ideas?
Get-ADGroup -Filter * -Properties info,samAccountName, DistinguishedName,Description,info | Export-Csv .\groups.Csv
TIA
The info attribute is never shown in the output because there is no parameter called info. To view what parameters you are able to capture, run
get-adgroup -filter * -properties *|select -first 1|get-member
Or to see what those values look like for a typical group you could run this
get-adgroup -filter * -properties *|select -first 1|format-list *
Try this:
Get-ADGroup -Filter * | Select-Object SamAccountName, DistinguishedName, Description | Export-Csv -Path .\groups.Csv
Update
Get-ADGroup -filter * -Properties info,description | Select-Object SamAccountName, DistinguishedName, Description, Info | Export-Csv -Path .\groups.Csv

Powershell: Get number of computers connected to Active Directory by OS

I have a task to get the number of computers connected to a certain Active Directory, grouped by OS.
I figured out how to find out the name of the OS installed on a certain computer:
Get-ADComputer -Filter * -Properties * | Select-Object -ExpandProperty OperatingSystem
I am having a hard time understanding how I should group and then count the different kinds of operating system in PowerShell. Also, in the testing environment I got set up, I only have one computer connected to the AD, so I really don't have room to test out my ideas. I have requested some additional virtual machines to be connected to the AD, but I would like to figure out the how until I get those.
As suggested in the comments by @Scepticalist - Group-Object is the tool designed for this specific purpose.
Get-ADComputer -Filter * -Properties OperatingSystem | group-object OperatingSystem | select name,count
All Windows Servers
Get-ADComputer -Filter {operatingsystem -like '*server*'} -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address,lastlogondate | Export-Csv c:\temp\WinServers6.csv
All Windows clients
Get-ADComputer -Filter {operatingsystem -notlike '*server*'} -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address,lastlogondate | Export-Csv c:\temp\WinClients.csv
All Computers in AD
Get-ADComputer -Filter * -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address

How to retrieve only enabled users from the Active Directory

I'm trying to retrieve only enabled users in the AD. When I run this code line it returns the error. I tried using a filter as well to filter only enabled users for the requested info but it returns ALL users from every domain instead of just the single id.
Get-ADUser : A positional parameter cannot be found that accepts argument 'enabled -eq 'true''.
This is my code that is throwing the error.
Get-ADGroupMember -Identity 'Animal Shop A' | Get-ADUser -Filter '*' | Get-ADUser Where "enabled -eq 'true'" | Get-ADUser -Properties ('Mail')
This one returns ALL users from every domain
Get-ADGroupMember -Identity 'Animal Shop A' | Get-ADUser -Filter "enabled -eq'true'" | Get-ADUser -Properties ('Mail')
Is my syntax wrong on both of them? If I just want to return values from say "Animal shop A" and then "Animal Shop B"
.. or a little bit shorter this way:
Get-ADUser -Filter 'enabled -eq $true' -Properties mail |
Select-Object -Property Name,samaccountname,mail
Besides this I would recommend to use a -SearchBase. That's less stressful for the AD. ;-)
Get-ADUser -Filter * -Properties mail | Where { $_.Enabled -eq $True} | Select Name,samaccountname,mail
That will get all enabled users in your target domain that are enabled and display the name, username, and mail properties
Important to know for both commands:
You must work with an elevated powershell process.
Otherwise the result may not be complete.
get-aduser -filter 'enabled -eq "true"' -ResultSetSize $Null
Simply try the commands below in PowerShell with administrator permission.
As a guide, the first part will filter users, the second part filters enabled users, and the last part will give you an export of the results.
Get-ADUser -Filter * -Property Enabled | Where-Object {$_.Enabled -like "true"} | Export-Csv -Path C:\eport.csv -Encoding ascii -NoTypeInformation
hope to be useful for you.
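
The question asks for enabled users of specific groups only, which none of the commands above restrict to. One way to do that in a single server-side query per group is an LDAP filter on memberOf plus the userAccountControl disabled bit. This is an added example, not code from the original posts; the function name is hypothetical and the group names are the ones from the question.

```powershell
Import-Module ActiveDirectory

# Added example; Get-EnabledGroupUser is a hypothetical helper name.
function Get-EnabledGroupUser {
    param(
        [Parameter(Mandatory)][string[]]$GroupName,
        [string]$SearchBase          # optional OU to keep the search narrow
    )
    foreach ($g in $GroupName) {
        $group = Get-ADGroup -Identity $g
        # The DN becomes a filter value, so escape the RFC 4515 reserved characters.
        $dn = $group.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                       -replace '\(', '\28' -replace '\)', '\29'
        # memberOf matches direct members only (primary group is not included).
        # 1.2.840.113556.1.4.803 = bitwise AND; bit 2 of userAccountControl = disabled.
        $filter = "(&(objectCategory=person)(objectClass=user)(memberOf=$dn)" +
                  "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
        $query = @{ LDAPFilter = $filter; Properties = 'mail' }
        if ($SearchBase) { $query.SearchBase = $SearchBase }
        Get-ADUser @query |
            Select-Object @{ n = 'Group'; e = { $group.Name } }, Name, SamAccountName, mail
    }
}

Get-EnabledGroupUser -GroupName 'Animal Shop A', 'Animal Shop B' |
    Export-Csv -Path .\enabled-members.csv -NoTypeInformation   # placeholder path
```

For nested groups, `memberOf:1.2.840.113556.1.4.1941:=` (the in-chain matching rule) can replace `memberOf=` in the filter.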

Domain Admin Cleanup with Foreach-Object

I'm in the process of cleaning up my inherited Domain Admins group and remove service accounts that are no longer needed. I'm trying to pull the group membership of the Domain Admins group and feed it into a Get-ADUser, with little success.
$name = Get-ADGroupMember "domain admins" | select -ExpandProperty Name
Foreach-Object {
Get-ADUser -Filter { Name -Like "$name"} -Properties * | FT Name, LastLogonDate
}
If I run the Get-ADGroupMember by itself it works. If I run the Get-ADUser with a name from the list (instead of the $name variable) it works. But when I attempt to tie them together it does not work.
I am glad you were able to make it work but I would like to offer some advice. First don't use -Properties * when all you really needed was LastLogonDate. You are pulling more data than you need to. Also you don't even need the ForEach loop since Get-Aduser will accept the pipeline input very nicely.
Get-ADGroupMember "domain admins" | Get-ADUser -Properties LastLogonDate |
Select Name,LastLogonDate
or if you really want console output, as opposed to standard output
Get-ADGroupMember "domain admins" | Get-ADUser -Properties LastLogonDate |
Format-Table Name,LastLogonDate -AutoSize
Thanks @EBGreen, your comment pointed me in the right direction. I am able to get what I need with the following:
Get-ADGroupMember "domain admins" | select -ExpandProperty SamAccountName | % {
$name=$_
Get-ADUser $_ -Properties *
} | FT Name, LastLogonDate -AutoSize
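
For the cleanup described in this thread, a review sheet is more useful than console output. The added example below (not code from the original posts) resolves nested membership, pulls only the attributes needed, and flags accounts with no recent logon. The 90-day threshold and the output path are assumptions.

```powershell
Import-Module ActiveDirectory

# Assumed review threshold. LastLogonDate is derived from lastLogonTimestamp,
# which can lag the real logon by up to about two weeks, so keep this well above 14.
$staleAfterDays = 90
$cutoff = (Get-Date).AddDays(-$staleAfterDays)

Get-ADGroupMember -Identity 'Domain Admins' -Recursive |   # -Recursive expands nested groups
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties LastLogonDate, PasswordLastSet, ServicePrincipalName, Description |
    ForEach-Object {
        [pscustomobject]@{
            Name            = $_.Name
            SamAccountName  = $_.SamAccountName
            Enabled         = $_.Enabled
            LastLogonDate   = $_.LastLogonDate
            PasswordLastSet = $_.PasswordLastSet
            # A registered SPN usually marks a service account.
            HasSpn          = $_.ServicePrincipalName.Count -gt 0
            # Never logged on, or not since the cutoff.
            Stale           = (-not $_.LastLogonDate) -or ($_.LastLogonDate -lt $cutoff)
            Description     = $_.Description
        }
    } |
    Sort-Object LastLogonDate |      # never-used and oldest accounts first
    Export-Csv -Path .\domain-admins-review.csv -NoTypeInformation   # placeholder path
```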