Say you want to find out which computers will be affected if you link a GPO to a certain OU. You could run the following dsquery command:
dsquery computer "OU=IT,DC=contoso,DC=com" -o rdn
The result would be a list of computer names. If you omit the -o switch with the rdn value, you receive a list of Distinguished Names.
If you need further properties in addition to the name, or if you want to add a filter to the query, the Get-ADComputer cmdlet is helpful. Like its counterpart Get-ADUser (which allows you to read user objects), it requires either the object name or a filter as a parameter. If you want to display all computers, you can use -Filter with a wildcard:
Get-ADComputer -Filter *
As usual, you can add conditional statements to the filter to restrict the output. The following example would display all Windows 8.1 PCs provided you named the computers accordingly:
Get-ADComputer -Filter "Name -like 'Win81*'"
To limit the query to a particular OU, you need the additional parameter -SearchBase:
Get-ADComputer -Filter * -SearchBase "OU=IT, DC=contoso, DC=com"
The search in a particular group follows a similar pattern:
Get-ADComputer -Filter * -SearchBase "CN=Workstations, DC=contoso, DC=com"
By default, the cmdlet returns only a small set of computer object attributes. To list all of them, add -Properties * to the command.
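The following added example (not part of the original article) combines -Filter, -SearchBase and -Properties to report Windows 10 computers whose build, as recorded in AD, is below a chosen threshold, together with their parent OU. Select-OutdatedBuild is a hypothetical helper name, the threshold 14393 is an assumed value, and the sample hosts are constructed.

```powershell
# Added example. The live query needs the ActiveDirectory module (RSAT);
# the helper itself works on any objects that carry these properties.
function Select-OutdatedBuild {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [Parameter(Mandatory)] [int] $MinimumBuild
    )
    process {
        # AD stores the version as e.g. "10.0 (14393)"; the build is the number in parentheses.
        $build = $null
        if ($Computer.OperatingSystemVersion -match '\((\d+)\)') { $build = [int]$Matches[1] }

        # Report computers below the threshold and those with no readable build at all.
        if ($null -eq $build -or $build -lt $MinimumBuild) {
            [pscustomobject]@{
                Name    = $Computer.Name
                # Parent container: everything after the first unescaped comma of the DN.
                OU      = ($Computer.DistinguishedName -split '(?<!\\),', 2)[1]
                Build   = $build
                Enabled = $Computer.Enabled
            }
        }
    }
}

# Constructed sample objects (not real hosts) so the helper can be tried without a domain.
$sample = @(
    [pscustomobject]@{ Name = 'WS-001'; Enabled = $true;  OperatingSystemVersion = '10.0 (10586)'
                       DistinguishedName = 'CN=WS-001,OU=IT,DC=contoso,DC=com' }
    [pscustomobject]@{ Name = 'WS-002'; Enabled = $true;  OperatingSystemVersion = '10.0 (15063)'
                       DistinguishedName = 'CN=WS-002,OU=IT,DC=contoso,DC=com' }
    [pscustomobject]@{ Name = 'WS-003'; Enabled = $false; OperatingSystemVersion = $null
                       DistinguishedName = 'CN=WS-003,OU=Laptops,OU=IT,DC=contoso,DC=com' }
)
$sample | Select-OutdatedBuild -MinimumBuild 14393   # lists WS-001 and WS-003

# Live form: request only the extra attribute that is needed instead of -Properties *.
if (Get-Command Get-ADComputer -ErrorAction SilentlyContinue) {
    Get-ADComputer -Filter "OperatingSystem -like 'Windows 10*'" `
                   -SearchBase 'OU=IT,DC=contoso,DC=com' `
                   -Properties OperatingSystemVersion |
        Select-OutdatedBuild -MinimumBuild 14393 |
        Sort-Object Build, Name
}
```

The build comes from the operatingSystemVersion attribute that the computer writes to its own AD object, so the report also covers machines that are powered off, but stale or disabled accounts can show outdated values.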
How can I use this cmdlet to show all Windows 10 computers that have not been upgraded to Windows 10 Anniversary update?
Thanks.
Here is one way to do it:
Part A
$workstations=get-adcomputer -filter * -searchbase "ou=workstations, dc=contoso, dc=com" | select-object -expand name
For contoso and com, use your own company's domain. For example, dc=Microsoft dc=local
Part B
get-wmiobject win32_operatingsystem -cn $workstations | export-csv .\windows10.csv
In part A you store the computer names as a variable called $workstations. get-adcomputer produces names in format .adcomputers. In part B -computer names must be read in as strings, not .adcomputers. Do more research on this, it is a very important topic. The command -expand name converts it from .adcomputers to string.
In part B you use the variable to pass all the computer names, and save out the file as .csv
Note that this command takes some time to run. Also, any computers not turned on will result in red error text. Do not kill or control + C on the PowerShell prompt. Allow it to finish and get back to the flashing prompt.
In the final report, convert over to Excel and delete all columns but description and build number. As of May 2017 the current Creators Edition build is 15063.
There are some ways to clean up this command. You can eliminate the variable and combine both commands into one using parentheses. It's also possible to select only name and description in part B so that you don't have to delete extra data in the csv file. Experiment!
I tried this command script with my actual info taken out:
"$workstations=get-adcomputer -filter * -searchbase "OU=Domain Computers, DC=, DC=, DC=" | select-object -expand name
"get-wmiobject win32_operatingsystem -cn $workstations | export-csv d:\windows10.csv -notypeinformation"
The OU is correct and active in AD, have tried other OU containers also but still not working. Console replies with the error:
"Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again."
This will do the trick:
The “.name” at the end will just return the computer name. You can get rid of that if you want all of the information.
“OperatingSystem -like ‘Windows 10*'” will return Windows 10 only, and “OperatingSystemVersion -notlike ‘*14393*'” will filter out anything not on the Anniversary edition. Unfortunately, this will also exclude anything newer than that. So if you want to make sure that they’re all up-to-date, just replace 14393 with the current version number.
The “searchBase” switch is optional, and is only really necessary if you only want to search through a part of your domain. Without that switch, it will default to searching the entire domain. Because of this, I left it out of my example.
How can I get computer names of a particular OU along with properties of operating system, version and Service Pack?
Hello
It's really very useful. Thank you. I have one query. Please help me.
I want to add only member servers (without domain controllers) to a particular OU
(OR)
Please provide a script for removing Domain Controller (Not member server) from OU.
Thanks in advance
Regards
Leo.
Could you provide better description of what you want to do?
Move member servers to an OU from where? Your whole AD?
Or remove DCs from OU and move them where?
So I need to list all servers (server OS) along with their OU in the whole AD...
I can get the list of servers no problem
But can't figure an easy way to get a simple OU name listed too...
Just like this
You might find the CanonicalName property easier to read. Leo's example using the DistinguishedName is far more powerful if you were going to take actions against the systems.
I used this to get the OU:
Get-ADComputer -Filter {OperatingSystem -Like "*Server*"} -Properties * | select Name, @{n='OU';e={$_.canonicalname -replace "/$($_.cn)",""}}, Enabled