Windows OS Hub
  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2022
    • Windows Server 2019
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Active Directory Domain Services (AD DS)
    • Group Policies
  • Windows Clients
    • Windows 11
    • Windows 10
    • Windows 8
    • Windows 7
    • Windows XP
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
    • KVM
  • PowerShell
  • Exchange
  • Cloud
    • Azure
    • Microsoft 365
    • Office 365
  • Linux
    • CentOS
    • RHEL
    • Ubuntu

 Windows OS Hub / Active Directory / Get-ADComputer: Find Computer Details in Active Directory with PowerShell

August 19, 2019 Active DirectoryPowerShell

Get-ADComputer: Find Computer Details in Active Directory with PowerShell

You can use the PowerShell cmdlet Get-ADComputer to get various information about computer account objects (servers and workstations) from Active Directory domain. This is one of the most useful cmdlets for searching AD computers by various criteria (to get information about AD user accounts, another cmdlet is used – Get-ADUser).

Contents:
  • Get-ADComputer – Cmdlet Syntax
  • Get-ADComputer – Examples

Suppose your task is to find all inactive computers in Active Directory that have not been registered in a domain for more than 120 days and disable these accounts.

Before using Get-ADComputer cmdlet, you have to import Active Directory Module for Windows PowerShell with the command:

Import-Module activedirectory

Tip. In PowerShell 3.0 (introduced in Windows Server 2012) or later, this module is imported by default, if the following component is installed: Remote Server Administration Tools -> Role Administration Tools -> AD DS and AD LDS Tools -> Active Directory module for Windows PowerShell. To use the Get-ADComputer cmdlet in the desktop OSs (Windows 10, 8.1 or Windows 7), you must download and install the RSAT for your version of the OS and enable the AD-Powershell module from the Control Panel or using the command:

Enable-WindowsOptionalFeature -Online -FeatureName RSATClient-Roles-AD-Powershell

enabling ad module for powershell

Get-ADComputer – Cmdlet Syntax

You can get help on Get-ADComputer cmdlet parameters as usual with Get-Help command:

Get-Help Get-ADComputer

Get-ADComputer cmdlet syntax help

To get information from AD using the cmdlets from the AD for PowerShell module, you don’t need to have the domain admin privileges. It is sufficient that the account under which the cmdlet is being run is a member of the Domain Users / Authenticated Users group.

To get information about a specific computer account in the domain, specify its name as an argument of the -Identity parameter:

Get-ADComputer -Identity SRV-DB01

Get-ADComputer -Identity

DistinguishedName : CN=SRV-DB01,OU=Servers,OU=London,OU=UK,DC=woshub,DC=com
DNSHostName       : SRV-DB01.woshub.com
Enabled           : True
Name              : SRV-DB01
ObjectClass       : computer
ObjectGUID        : 87654321-1234-5678-0000-123412341234
SamAccountName    : SRV-DB01$
SID               : S-1-5-21-123456780-1234567890-0987654321-1234
UserPrincipalName :

The cmdlet Get-ADComputer returned only the basic properties of the Computer object from AD. We are interested in the time of the last computer registration in the AD domain, but this information is not displayed in the output of the command above. You can list all available properties of this computer object from Active Directory:

Get-ADComputer -Identity SRV-DB01 -Properties *

All AD computer properties

Using Get-Member, you can get a list of all the properties of the Computer class in AD:

Get-ADComputer -Filter * -Properties * | Get-Member

As you can see, the last logon date of this computer to the network is specified in the computer’s attribute LastLogonDate – 09/21/2015 0:20:17.

The Get-ADComputer cmdlet allows you to display any of the computer’s properties in the command results. Remove all unnecessary information leaving only values of Name and LastLogonDate attributes.

Get-ADComputer -identity SRV-DB01 -Properties * | FT Name, LastLogonDate -Autosize

Get-ADComputer LastLogonDate

So, we received data on the last time of registration in the domain for a single computer. Then you have to modify the command to make it display the information about the time of the last network registration for all computers in the domain. To do it, replace –Identity to –Filter *:

Get-ADComputer -Filter * -Properties * | FT Name, LastLogonDate -Autosize

LastLogonDate of AD computers - table view

We got a simple table that contains only 2 fields: computer name and LastLogonData date. You can add other fields of the Computer object from AD to this table.

To display the information about the computer objects in a particular OU (organizational unit), use the –SearchBase parameter:

Get-ADComputer -SearchBase ‘OU=Paris,DC=woshub,DC=loc’ -Filter * -Properties * | FT Name, LastLogonDate -Autosize

Sort the query results by the date of the last logon using the Sort cmdlet:

Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize

Sort by LastLogonDate

So, we have got the list of computers and the date they last logged on to the Active Directory domain. Now we want to disable the computer accounts that weren’t used for 120 days or more.

Using Get-Date we can get the value of the current date in the variable and reduce it to 120 days:

$date_with_offset= (Get-Date).AddDays(-120)

The resulting date variable can be used as a filter of Get-ADComputer query in LastLogonDate field:

Get-ADComputer -Properties LastLogonDate -Filter {LastLogonDate -lt $date_with_offset } | Sort LastLogonDate | FT Name, LastLogonDate -Autosize

So we have created a list of inactive computer accounts that have not been registered on the network for more than 120 days. Use the Disable-ADAccount or Set-ADComputer command to disable them.

Tip. For the first time, it’s better to test the results of the command with the –WhatIf switch, which allows to see what happens if the command has been run with no changes to the system.

Get-ADComputer -Properties LastLogonDate -Filter {LastLogonData -lt $date_with_offset } | Set-ADComputer -Enabled $false -whatif

Now you can disable all inactive computer accounts:

Get-ADComputer -Properties LastLogonDate -Filter {LastLogonData -lt $datecutoff} | Set-ADComputer -Enabled $false

Note. Also you can get a list of blocked, disabled and inactive computers and domain users using a separate cmdlet Search-ADAccount.

Get-ADComputer – Examples

Below are some more useful examples of using the Get-ADComputer cmdlet to query and search computer objects in the domain by specific criteria.

Get the total number of all active (unlocked) computers in Active Directory:

(Get-ADComputer -Filter {enabled -eq "true"}).count

Calculate the number of Windows Server instances in the AD domain:

(Get-ADComputer -Filter {enabled -eq "true" -and OperatingSystem -Like '*Windows Server*' }).count

Get-ADComputer count desktop or server objects in the adGet a list of computers in a specific OU whose names begin with LonPC:

Get-ADComputer -Filter {Name -like "LonPC*"} -SearchBase ‘OU=London,DC=woshub,DC=com’  -Properties IPv4Address | Format-table Name,DNSHostName,IPv4Address | ft -Wrap –Auto

When searching in the OU, you can use the additional parameter -SearchScope 1, which means that you need to search only in the OU root. The -SearchScope 2 option indicates a recursive search for computers in all nested OUs.

To find all workstation computers running Windows 10:

Get-ADComputer -Filter {OperatingSystem -like '*Windows 10*'}

Get the list of servers in the domain with the OS version, Service Pack installed and IP address:

Get-ADComputer -Filter 'operatingsystem -like "*Windows server*" -and enabled -eq "true"' -Properties  Name,Operatingsystem, OperatingSystemVersion, OperatingSystemServicePack,IPv4Address | Sort-Object -Property Operatingsystem | Select-Object -Property Name,Operatingsystem, OperatingSystemVersion, OperatingSystemServicePack, IPv4Address| ft -Wrap –Auto

The output was such a beautiful table with a list of Windows Server in the AD:

get-ad-computers list with os version and ip address

The -LDAPFilter attribute allows you to use various LDAP queries as a parameter of the Get-ADComputer cmdlet, for example:

Get-ADComputer -LDAPFilter "(name=*db*)"|ft

Find all disabled computers in a specific Active Directory OU:

Get-ADComputer -filter * -SearchBase ‘OU=Computers,OU=London,DC=woshub,dc=com’ | Where-Object {$_.enabled -eq $False}

To delete all computer accounts that have not been logged into the domain for more than 6 months, you can use the command:
Get-ADComputer -properties lastLogonDate -filter * | where { $_.lastLogonDate -lt (get-date).addmonths(-6) } | Remove-ADComputer

The result of the Get-ADComputer command can be exported to a plain text file:

Get-ADComputer -Filter { OperatingSystem -Like '*Windows Server 2008*' } -Properties OperatingSystem | Select DNSHostName, OperatingSystem | Format-Table -AutoSize C:\Script\server_system.txt

You can also get a list of computers and export it to a CSV file:

Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack | Export-CSV All-Windows.csv -NoTypeInformation -Encoding UTF8

Or get an HTML report file with a list of computers and necessary properties:

Get-ADComputer -Filter {OperatingSystem -Like '*Windows Server 2012*' } -Properties * | Select-Object Name,OperatingSystem | ConvertTo-Html | Out-File C:\ps\ad_computers_list.html

ad-computer objects html report

To perform a specific action with all the computers in the resulting list, you must use the Foreach loop. In this example, we want to create a list of servers in the domain and request specific information from each server (the result file should contain the server name, manufacturer and server model).

$Computers = Get-ADComputer -Filter {OperatingSystem -Like '*Windows Server*'}
Foreach ($Computer in $Computers)
{
$Hostname = $Computer.Name
$ComputerInfo = (Get-WmiObject -Computername $Hostname Win32_ComputerSystem)
$Manufacturer = $Computer.Manufacturer
$Model = $Computer.Model
Write-Host "Name: $Hostname"
Write-Host "Manufacturer: $Manufacturer"
Write-Host "Model: $Model"
Write-Host " "
$Content = "$Hostname;$Manufacturer;$Model"
Add-Content -Value $Content -Path "C:\PS\ServersInfo.txt"
}

You can use a shorter loop syntax. Suppose you need to run a specific command on all computers in a specific OU (in this example, I want to run a group policy update command on all servers):

get-adcomputer -SearchBase "OU=Servers,DC=woshub,DC=com" -Filter * | %{ Invoke-Command -Computer $_.Name -ScriptBlock {gpupdate /force} }

Using Get-AdComputer and the PowerShell startup script, you can control various computer settings. For example, I monitor the status of the SCCM agent (service) on users’ computers. A small logon script is executed on each computer during startup, which saves the ccmexec service status to a unused computer attribute – extensionAttribute10.

Then, using the following command, I can find computers on which the CCMExec service is missing or not running.

get-adcomputer -filter {extensionAttribute10 -ne "SCCM Agent:Running"} -SearchBase “OU=Compters,OU=London,DC=woshub,DC=com” -properties dNSHostName,extensionAttribute10,LastLogonDate  |select-object dNSHostName,extensionAttribute10,LastLogonDate

get service status on the ad computers

19 comments
1
Facebook Twitter Google + Pinterest
previous post
Configuring Windows Firewall Settings and Rules with Group Policy
next post
Secure Password (Credentials) Encryption in PowerShell Scripts

Related Reading

Create Organizational Units (OU) Structure in Active Directory...

May 17, 2022

Windows Security Won’t Open or Shows a Blank...

May 17, 2022

How to Manually Install Windows Updates from CAB...

May 16, 2022

Deploying Software (MSI Packages) Using Group Policy

May 12, 2022

Enable or Disable MFA for Users in Azure/Microsoft...

April 27, 2022

19 comments

Blake Masri April 1, 2016 - 6:17 pm

When i run Get-ADComputer -Identity GM172Q13
it works
But when i run
Get-ADComputer -Identity GM172Q13 -Properties *
I get:
Get-ADComputer : One or more properties are invalid.
Parameter name: msDS-AssignedAuthNPolicy
At line:2 char:1
+ Get-ADComputer -Identity GM172Q13 -Properties *
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (GM172Q13:ADComputer) [Get-ADComputer], ArgumentException
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.GetADComputer
Any ideas?

Reply
Blake Masri April 1, 2016 - 6:34 pm

Figured it out…. “This has been identified as a bug, and there’s a hotfix as described in KB2923122 that you can install. You could also install KB2928680 that contains the above hotfix, and others as well.”

Reply
carlochapline May 13, 2016 - 4:39 am

 Nice write-up !
Thanks for sharing this.
Here is another informative article which summarizes almost the similar concern and helps to find out inactive users & computer accounts in active directory. You can take further action to disable or remove them : http://activedirectorycleanup.blogspot.in/2014/08/find-inactive-users-compueters-inAD.html

Reply
Aniket Barve May 19, 2016 - 12:51 am

Nice information.
Is there a way i can import a list of computer names (Desktops) from a text file that I have and query againts only that list of ADcomputers to check there last logon time stamp ?
 
When i lookup help for Get-ADcomputers , the -Identity parameter accepts pipeline binding only by value and not by Propertyname, henec i am not able to do it.
Is there a way you could suggest.
I am trying something like this
$name = Get-content -path c:\pclist.txt
ForEach-Object
{ Get-Adcomputer -Identity $name -properties * | Format-table  name,created,lastlogon}

Reply
admin May 19, 2016 - 7:29 am

Hi,
Try to run the command below

get-content c:\pclist.txt | % {Get-ADComputer -Identity $_ -properties * | select name,created,lastlogon}

Reply
Dustin June 28, 2016 - 8:26 pm

Correct the .txt file output to this:
PS C:\Users\dwalker2> Get-ADComputer -Filter { OperatingSystem -Like ‘*Windows Server*’ } -Properties OperatingSystem | Select Name, OperatingSystem | Format-Table -Autosize | Out-File C:\Script\server_systems.txt

Reply
Barry Dragoon March 29, 2017 - 10:01 pm

When using an “Authenticated User” account, not a privileged account (i.e., a Domain Admin account), I’m unable to get the “OperatingSystem” attribute. Is there a method to retrieve the “OperatingSystem” attribute without using a “Domain Admin” or other ‘privileged’ account?

Reply
admin April 26, 2017 - 5:50 am

It’s pretty strange, by default, any domain user can get the value of this attribute

Reply
Kenni February 1, 2018 - 3:22 pm

Great!
is there a way to tell which user(account) was last logged on?

Reply
Max February 19, 2018 - 11:24 am

The computer account in AD does not store info about the current user of the system. This can be done using additional logon script.
But you can find logged user remotely using WMI in the interactive mode:
Get-WmiObject –ComputerName PCNameHere –Class Win32_ComputerSystem | Select-Object UserName

Reply
Kenni March 6, 2018 - 11:53 am

Thanks Max

The Get-WMIObject is a great approach

Reply
How to get Active Directory Computer’s info via Powershell? – Xture July 11, 2018 - 12:01 pm

[…] http://woshub.com/get-adcomputer-getting-active-directory-computers-info-via-powershell/ […]

Reply
rahul September 13, 2019 - 4:54 am

Can u pls suggest me to get windows version of adcomputers using powershell command

Reply
admin September 13, 2019 - 5:05 am

Try this code:
get-adcomputer -filter * -properties *|select Name,OperatingSystem,OperatingSystemVersion |ft

Reply
Alexander Kuhn November 9, 2021 - 9:21 am

Thank YOU very mutch that worked perfectly!

Reply
Kooma January 21, 2020 - 10:19 pm

I have list of SAM account names and I need to confirm the OS version on these machines, is there any PS script to help me with this?

Reply
admin January 28, 2020 - 6:06 am

Save the list of computer names to a plain text file and run the following PS code to get the OS version:
get-content c:\ps\pclist.txt | % {Get-ADComputer -Identity $_ -properties * | select name,operatingSystem,operatingSystemVersion}

Reply
felipe May 9, 2022 - 3:27 pm

Hola, alguin puede ayudarme, necesito sacar un listado de todos los equipos de mi dominio y que cada equipo muestre la version de Bios que tiene instalada pero no he encontrado como, alguno de ustedes podría apoyarme
Hello, can someone help me, I need to get a list of all the computers in my domain and that each computer shows the version of Bios that it has installed but I have not found how, could any of you help me

Reply
admin May 12, 2022 - 7:46 am

Try this:
$computers = (Get-ADComputer -Filter 'enabled -eq "true"').Name
$results = Invoke-Command $computers -ScriptBlock {Get-WmiObject -Class Win32_BIOS | select SMBIOSBIOSVersion}
$results | Select-Object PSComputerName, SMBIOSBIOSVersion

Reply

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange Server
  • Microsoft 365
  • Azure
  • Windows 11
  • Windows 10
  • Windows 7
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • PowerShell
  • VMWare
  • Hyper-V
  • MS Office

Recent Posts

  • Create Organizational Units (OU) Structure in Active Directory with PowerShell

    May 17, 2022
  • Windows Security Won’t Open or Shows a Blank Screen on Windows 10/ 11

    May 17, 2022
  • How to Manually Install Windows Updates from CAB and MSU Files?

    May 16, 2022
  • RDS and RemoteApp Performance Issues on Windows Server 2019/2016

    May 16, 2022
  • Deploying Software (MSI Packages) Using Group Policy

    May 12, 2022
  • Updating VMware ESXi Host from the Command Line

    May 11, 2022
  • Enable or Disable MFA for Users in Azure/Microsoft 365

    April 27, 2022
  • Fix: You’ll Need a New App to Open This Windows Defender Link

    April 27, 2022
  • How to Reset an Active Directory User Password with PowerShell and ADUC?

    April 27, 2022
  • How to Completely Uninstall Previous Versions of Office with Removal Scripts?

    April 26, 2022

Follow us

woshub.com

ad

  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Allow RDP Access to Domain Controller for Non-admin Users
  • How to Find the Source of Account Lockouts in Active Directory domain?
  • Deploy PowerShell Active Directory Module without Installing RSAT
  • Managing User Photos in Active Directory Using ThumbnailPhoto Attribute
  • Changing Desktop Background Wallpaper in Windows through GPO
  • How to Refresh AD Groups Membership without Reboot/Logoff?
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top