I am using the PowerShell command below to get a list of computers that haven't been logged into in the past 60 days. This is returning all OU computers. Is it possible to change the line below to return from a certain OU?
Get-ADComputer -Property Name,lastLogonDate -Filter {lastLogonDate -lt $then} | FT Name,lastLogonDate
From the online help page try using -SearchBase filter
C:\PS>Get-ADComputer -LDAPFilter "(name=*laptop*)" -SearchBase "CN=Computers,DC=Fabrikam,DC=com"
Related
I'm trying to get an AD Security Group down to a manageable size, but due to display limits in PowerShell, this is proving difficult for me. The group is down to 47,720 now after removing all disabled AD accounts. Now I'm trying to filter it down to Enabled users that live in this particular OU. Below is what I've used with success in the console.
Get-ADGroup "very_large_secgroup" -properties Member | Select-Object -expandproperty member | get-aduser -Filter * -SearchBase "OU=PurgeStudents,OU=DisabledAccounts,DC=contoso,DC=com" | Select-Object SamAccountName,DistinguishedName
When I try to count this, or pipe it via Out-File though, I get:
get-aduser : The input object cannot be bound to any parameters for the command either because the command does not take pipeline input or the input and its properties do not match any of the parameters that
take pipeline input.
At line:1 char:92
+ ... ty member | get-aduser -Filter * -SearchBase "OU=PurgeStudents,OU=Dis ...
Any assistance would be greatly appreciated, as I am a novice in PowerShell magic.
Instead of using -Filter *, you could filter for all previously retrieved users. And there is a cmdlet to get the members of a group:
Get-ADGroupMember -Identity "very_large_secgroup" -Recursive | Foreach-Object {Get-ADUser -Filter "Name -like '$($_.Name)'" -SearchBase "OU=PurgeStudents,OU=DisabledAccounts,DC=contoso,DC=com" | Select-Object -Property SamAccountName, DistinguishedName}
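An added example, not part of the original answer: the same list can be produced with one server-side query that searches the OU for enabled users whose memberOf contains the group's distinguished name, so nothing is piped member by member. The group and OU names are the ones from the question; the helper function name and the output file name are made up for this example.

```powershell
Import-Module ActiveDirectory

# Names taken from the question above; adjust for your directory.
$groupName  = 'very_large_secgroup'
$searchBase = 'OU=PurgeStudents,OU=DisabledAccounts,DC=contoso,DC=com'

# Hypothetical helper: escape characters that are special in an LDAP filter value (RFC 4515).
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
}

# Resolve the group once to get its distinguished name.
$groupDn   = (Get-ADGroup -Identity $groupName).DistinguishedName
$escapedDn = ConvertTo-LdapFilterValue -Value $groupDn

# (memberOf=<dn>)                                    direct members of the group
# (!(userAccountControl:1.2.840.113556.1.4.803:=2))  ACCOUNTDISABLE bit is not set
$ldapFilter = "(&(memberOf=$escapedDn)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

# The domain controller evaluates the filter; only matching users come back.
$users = Get-ADUser -LDAPFilter $ldapFilter -SearchBase $searchBase -SearchScope Subtree |
    Select-Object SamAccountName, DistinguishedName

# The result is an ordinary array, so counting and exporting both work.
"{0} enabled direct members found under {1}" -f @($users).Count, $searchBase
$users | Export-Csv -Path .\group-members-in-ou.csv -NoTypeInformation
```

Membership held through a nested group or through the primary group does not appear in memberOf, so this returns direct members only.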
I have a task to get the number of computers connected to a certain Active Directory, grouped by OS.
I figured out how to find out the name of the OS installed on a certain computer:
Get-ADComputer -Filter * -Properties * | Select-Object -ExpandProperty OperatingSystem
I am having a hard time understanding how I should group and then count the different kinds of operating system in PowerShell. Also, in the testing environment I got set up, I only have one computer connected to the AD, so I really don't have room to test out my ideas. I have requested some additional virtual machines to be connected to the AD, but I would like to figure out the how until I get those.
As suggested in the comments by @Scepticalist - Group-Object is the tool designed for this specific purpose.
Get-ADComputer -Filter * -Properties OperatingSystem | group-object OperatingSystem | select name,count
All Windows Servers
Get-ADComputer -Filter {operatingsystem -like '*server*'} -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address,lastlogondate | Export-Csv c:\temp\WinServers6.csv
All Windows clients
Get-ADComputer -Filter {operatingsystem -notlike '*server*'} -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address,lastlogondate | Export-Csv c:\temp\WinClients.csv
All Computers in AD
Get-ADComputer -Filter * -Properties Name,Operatingsystem,OperatingSystemVersion,IPv4Address
I'm trying to get to:
Remote Sites
MyCity
Computers
and get a list of all the computers.
Here's what I have so far:
Get-ADComputer -Filter * -SearchBase "OU=MyCity,DC=MyDomain,DC=com" |
Select -Property Name, DNSHostName, Enable, LastLogonDate
I'm trying to remove all the principal group memberships starting with the name of all computer accounts in one specific ou.
I've tried browsing to the OU with the AD provider, typing gci and getting a list of all the computers in the ou to find their ADPrincipalGroupMembership which works. Also, using get-adcomputer -searchbase <ou> -filter * works too. But I can't then remove every group that each machine is a member of.
When I then try to expand on that with remove-ADPrincipalGroupMembership, my input for the groups to remove are system.string and remove-ADPrincipalGroupMembership won't accept that. I have something like this so far:
Get-ADComputer -SearchBase 'OU=blahblah' -Filter * |
Remove-ADPrincipalGroupMembership -MemberOf (Get-ADGroup -Filter 'name -like "17"')
I've read help and examples but I can't find how to do this. I don't want to give up and just use the gui :)
Thank you
You can try this...I am not able to test it to confirm it works, but I think it should.
$Comps = Get-ADComputer -SearchBase 'OU=blahblah' -Filter * -Prop MemberOf
Foreach ($Comp in $Comps)
{
    # Keep only the groups whose distinguished name starts with CN=17
    $Groups = $Comp.MemberOf | ? {$_ -like "CN=17*"}
    if ($Groups)
    {
        # -WhatIf only reports what would be removed; nothing is changed
        Remove-ADPrincipalGroupMembership -Identity $Comp -MemberOf $Groups -Whatif #-Confirm:$False
    }
}
Assuming it works with the -whatif statement, by default I believe that command will prompt you if you're sure about each removal which could be a pain so you could uncomment -confirm $false to try and avoid that.
Also it is assuming the distinguished name of each group is going to be something along the lines of
CN=17groupA,OU=Computer Groups,OU=Computer,DC=TEST,DC=NET
How do you search multiple OUs in Active Directory? Say if there are 4 OUs for different users, and need to search only 3 of the 4.
Currently I am using the below to search one path, how would I expand that to search multiple OUs?
$OU='AD Path'
Get-ADUser -SearchBase $OU -Properties Lastlogondate -filter {lastlogondate -lt $DisableDays}
It looks like -searchbase takes <string>, so you would need to loop through OUs.
The following query would get users in each OU:
$OU=@('cn=users,dc=xyz,dc=com','ou=companyusers,dc=xyz,dc=com')
$ou | foreach { get-aduser -searchbase $_ ...}
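An added example, not from the original posts: the per-OU loop from this answer applied to the stale-computer query in the first question, here run against computer accounts in several OUs. It goes beyond the posts by also returning enabled accounts that have never logged on and by removing duplicates when search bases overlap; the OU names are constructed placeholders under the answer's dc=xyz,dc=com.

```powershell
Import-Module ActiveDirectory

# Constructed OU names; replace with the distinguished names you want to search.
$searchBases = @(
    'OU=Workstations,DC=xyz,DC=com',
    'OU=Laptops,OU=Workstations,DC=xyz,DC=com',   # nested in the first one on purpose
    'OU=Servers,DC=xyz,DC=com'
)

# lastLogonTimestamp (surfaced as LastLogonDate) replicates with a lag of up to
# about 14 days by default, so keep the threshold well above that.
$staleDays = 60
$cutoff = (Get-Date).AddDays(-$staleDays).ToFileTimeUtc()

# Enabled accounts whose last logon is older than the cutoff, or that never logged on.
$ldapFilter = "(&(!(userAccountControl:1.2.840.113556.1.4.803:=2))" +
              "(|(lastLogonTimestamp<=$cutoff)(!(lastLogonTimestamp=*))))"

$found = foreach ($base in $searchBases) {
    try {
        # -SearchBase accepts one DN per call, so each OU is queried in turn.
        Get-ADComputer -SearchBase $base -SearchScope Subtree -LDAPFilter $ldapFilter `
            -Properties LastLogonDate, OperatingSystem, whenCreated -ErrorAction Stop
    }
    catch {
        # A mistyped or missing OU should not abort the remaining searches.
        Write-Warning "Skipping '$base': $($_.Exception.Message)"
    }
}

# Overlapping search bases return the same object twice; keep one row per DN.
$stale = $found | Sort-Object -Property DistinguishedName -Unique

$stale |
    Select-Object Name, OperatingSystem, LastLogonDate, whenCreated, DistinguishedName |
    Sort-Object LastLogonDate |
    Format-Table -AutoSize
```

An empty LastLogonDate next to a recent whenCreated usually means a newly joined machine rather than an abandoned one, so review those rows before disabling anything.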