[ad_1]
In this article, I want to share a couple of illustrations of Get-ADComputer command. If at any time you wondered how to get laptop or computer objects from Lively Listing by some unique home, by password very last established assets or range, previous logon day, or some other research conditions this post if for you. Underneath you can discover few scripts that I was making use of just lately 🙂
Get all personal computers
To get all computer systems from Active Directory we can just operate the following one particular-liner command:
Get-ADComputer -Filter *
There are numerous parameters that can be made use of in this command like SearchBase wherever you can specify Organizational Unit. For much more simple illustrations you can refer to the Microsoft Docs website page.
Get-ADComputer -Filter * -SearchBase 'OU=Pcs,DC=powershellbros,DC=com'
This more innovative script will get all computer systems and also export effects to CSV file:
#===============================================================================================
# -------------------------------- PARAMS and MODULE -------------------------------------------
#===============================================================================================
Try
# Import Modules
Import-Module ActiveDirectory -ErrorAction Halt
# Params
$RunTime = (Get-Day).ToUniversalTime()
$SavePath = "$PSScriptRootReports"
$DCName = ($env:LOGONSERVER -exchange "",'')
$FileDate = Get-Date -Format "yyyyMMddHHmmss"
$OutputCsv = "$SavePath$($FileDate)_All_Personal computers.csv"
$Folder = Check-Route $SavePath if (-not $Folder) [void] (New-Merchandise $SavePath -Type Listing -ErrorAction Quit)
"::::::: Script start time: $RunTime"
"`nGetting all computes"
"Success will be saved in: $OutputCsv"
"You should wait around...."
Catch
Produce-Warning $_.Exception.Message
Examine-Host "Script will end. Push enter to shut the window"
Exit
#===============================================================================================
# ---------------------------------- GET Computers ---------------------------------------------
#===============================================================================================
# Properties
$Props = @
Filter = "*"
Server = $DCName
ResultPageSize = 5000000
ResultSetSize = $null
Qualities="Identify",
'DistinguishedName',
'LastLogonDate',
'OperatingSystem',
'OperatingSystemVersion',
'whenCreated'
# Get computers and export to CSV
Get-ADComputer @Props | foreach Export-Csv $OutputCsv -NoTypeInformation -Append
#===============================================================================================
# --------------------------------- Final Effects ----------------------------------------------
#===============================================================================================
# Finish time
$EndTime = (Get-Date).ToUniversalTime()
"::::::: Script conclusion time: $EndTime"
$up = $EndTime - $RunTime
$uptime = "$($up.Times) times, $($up.Hrs)h, $($up.Minutes)mins"
# Final results
"`nScript was jogging for: $uptime"
"Complete quantity of computers: $((Import-CSV $OutputCsv | Evaluate-Object).Rely)"
Read through-Host "Push enter to close"
Get personal computer by lastlogondate property
Up coming instance can be handy to find personal computers in which lastlogondate is higher than 30 times. LDAPFilter: “(&(objectclass=computer)(lastlogontimestamp<=$LastLogon))”
# Params ##################################################################
$LastLogon = (Get-Date).AddDays(-30).ToFileTime()
$Props = @
LDAPFilter = "(&(objectclass=computer)(lastlogontimestamp<=$LastLogon))"
Server = ($env:LOGONSERVER -replace "",'')
ResultPageSize = 2000
ResultSetSize = $null
Properties="Name",
'OperatingSystem',
'SamAccountName',
'DistinguishedName',
'LastLogonDate'
# Get computers
Get-ADComputer @Props | select $Props.properties
Get computer by pwdlastset property
Here is a similar situation but this time it will get enabled comptuer objects by pwdlastset property. LDAPFilter: “(&(objectclass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$pwd))”
#Import Modules and provide range ############################################
Try
Import-Module ActiveDirectory -ErrorAction Stop
[int]$Start = Read-Host "Please provide number for Password Last Set days (for example greater than 30 days ago)"
Catch
Write-Warning $_.Exception.Message
Read-Host "Script will end. Press enter to close the window"
Exit
#Params ##################################################################
$pwd = (Get-Date).AddDays(-$($Start)).ToFileTime()
$FileDate = Get-Date -Format "yyyyMMddHHmmss"
$OutputCsv = "$PSScriptRootReports$($FileDate)_PwdLastSet_Computers_$($Start)_days.csv"
"`nResults will be saved $OutputCsv"
"Generating report. Please wait..."
#Properties ##############################################################
$Props = @
LDAPFilter = "(&(objectclass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$pwd))"
Server = ($env:LOGONSERVER -replace "",'')
ResultPageSize = 2000000
ResultSetSize = $null
Properties="DistinguishedName",'OperatingSystem', 'LastLogonDate' ,'pwdlastset', 'PasswordLastSet'
Get-ADComputer @Props | FOREACH
New-Object PSObject -Property ([ordered]@
Computername = $_.name
Enabled = $_.enabled
DistinguishedName = $_.DistinguishedName
OrganizationalUnit = If($_.DistinguishedName)(($_.DistinguishedName -split ',')[1]).trim()Else' - '
OperatingSystem = $_.OperatingSystem
LastLogonDate = $_.LastLogonDate
PasswordLastSet = If($_.PasswordLastSet)$_.PasswordLastSetElse' - '
PasswordLastSetDiff = If($_.PasswordLastSet) %"$($_.Days) days, $($_.Hours)h, $($_.Minutes)mins"Else' - '
)
| Export-Csv $OutputCsv -NoTypeInformation -Append
"$((Import-CSV $OutputCsv | Measure-Object ).count) computers with password last set greater than $Start days"
Read-Host "Press enter to close"
Get computer by password last set date range
In this example, you can find how to get computers by password last set date range. You will be asked to provide time range and script will get objects using LDAPfilter “(&(objectclass=computer)(pwdlastset<=$PwdStart)(pwdlastset>=$PwdEnd))”:
#===============================================================================================
# -------------------------------- PARAMS and MODULE -------------------------------------------
#===============================================================================================
Try
# Import Modules
Import-Module ActiveDirectory -ErrorAction Stop
# Specify range
[int]$Start = Read-Host "Please provide number for start of the range like 80 (80-90 days)"
[int]$End = Read-Host "Please provide number for end of the range like 90 (80-90 days)"
Catch
Write-Warning $_.Exception.Message
Read-Host "Script will end. Press enter to close the window"
Exit
# Proceed if range is valid
If($End -lt $Start)
Write-Warning "End of the time range is greater than start"
Exit
#===============================================================================================
# ---------------------------------- GET COMPUTERS ---------------------------------------------
#===============================================================================================
Try{
# Params
$PwdEnd = (Get-Date).AddDays(-$($End)).ToFileTime()
$PwdStart = (Get-Date).AddDays(-$($Start)).ToFileTime()
$FileDate = Get-Date -Format "yyyyMMddHHmmss"
$SavePath = "$PSScriptRootReports"
$OutputCsv = "$SavePath$($FileDate)_PwdLastSet_Computers_($($Start)-$($End)).csv"
$Folder = Test-Path $SavePath if (-not $Folder) [void] (New-Item $SavePath -Type Directory -ErrorAction Stop)
"`nResults will be saved $OutputCsv"
"Generating report. Please wait..."
# Command params
$Props = @
LDAPFilter = "(&(objectclass=computer)(pwdlastset<=$PwdStart)(pwdlastset>=$PwdEnd))"
Server = ($env:LOGONSERVER -replace "",'')
ResultPageSize = 2000000
ResultSetSize = $null
Homes="DistinguishedName",
'OperatingSystem',
'LastLogonDate',
'pwdlastset',
'PasswordLastSet'
# Get pcs
$Comps = Get-ADComputer @Props | Pick out-Item 'Name',
'Enabled',
'DistinguishedName',
'OperatingSystem',
'LastLogonDate',
'PasswordLastSet',
@n='PasswordLastSetDiff'e=(New-TimeSpan $_.PasswordLastSet)
}
Capture
Generate-Warning $_.Exception.Information
Browse-Host "Script will stop. Push enter to shut the window"
Exit
#===============================================================================================
# ---------------------------------- Ultimate Success ---------------------------------------------
#===============================================================================================
If($Comps) Measure-Item).count
"$CompCount personal computers"
# Export outcomes
$Comps
Else
"No effects for ($($Begin)-$($Conclude)) time array"
Read through-Host "Press any key to close"
Get laptop by any house
In final example, you can specify any property and benefit in LDAP filter: “(&(objectclass=laptop or computer)($Home=$Worth))”
#Import Modules and give assets ############################################
Check out
Import-Module ActiveDirectory -ErrorAction Prevent
[string]$Residence = Read through-Host "Remember to provide laptop or computer residence identify, for instance OperatingSystem"
[string]$Worth = Go through-Host "Please provide $Home home value, for illustration Home windows 10 Organization"
Catch
Publish-Warning $_.Exception.Information
Go through-Host "Script will finish. Push enter to shut the window"
Exit
If(!$House -and !$Benefit)
Publish-Warning "Some thing went completely wrong"
Else decide on 'Name', 'Enabled', $House
If($Comps) Evaluate-Object).depend
"$CompCount desktops"
$Comps
Else
"No results for $Assets"
Study-Host "Press any vital to close"
Please note 🙂 that WordPress is adding & figures to LDAPFilter: “(&(objectclass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(pwdlastset<=$pwd))”.
Valid LDAPFilter:
I hope this was informative for you 🙂 See you in next articles.
Related
[ad_2]
Source link