If you want to know the computer objects in a particular OU or group, you can work with the GUI tools Active Directory Users and Computers (ADUC) or Active Directory Administrative Center. However, PowerShell and dsquery are faster and more flexible.

Say you want to find out which computers will be affected if you link a GPO to a certain OU. You could run the following dsquery command:

dsquery computer "OU=IT,DC=contoso,DC=com" -o rdn

The result would be a list of computer names. If you omit the -o switch with the rdn value, you receive a list of Distinguished Names.

If you need further properties in addition to the name, or if you want to add a filter to the query, the Get-ADcomputer cmdlet is helpful. Like its counterpart Get-ADUser (which allows you to read user objects), you have to pass either the object name or a filter as parameter. If you want to display all computers, you can use -Filter with a wildcard:

Get-ADComputer -Filter *

As usual, you can add conditional statements to the filter to restrict the output. The following example would display all Windows 8.1 PCs provided you named the computers accordingly:

Get-ADComputer -Filter "Name -like 'Win81*'"

To limit the query to a particular OU, you need the additional parameter -SearchBase:

Get-ADComputer -Filter * -SearchBase "OU=IT, DC=contoso, DC=com"

The search in a particular group follows a similar pattern:

Subscribe to 4sysops newsletter!

Get-ADComputer -Filter * -SearchBase "CN=Workstations, DC=contoso, DC=com"

If you want to list not only the default computer object attributes, you have to add -Properties * to the command.

  1. Avatar
    David 7 years ago

    How can I use this Cmdlet to show all windows 10 computers that have not been upgraded to Windows 10 Anniversary update?


    • Avatar
      Ben Buck 6 years ago

      Here is one way to do it

      Part A
      $workstations=get-adcomputer -filter * -searchbase “ou=workstations, dc=contoso, dc=com” | select-object -expand name
      For contoso and com, use your own companie’s domain.  for example dc=Microsoft dc=local

      Part B
      get-wmiobject win32_operatingsystem -cn $workstations | export-csv .\windows10.csv

      In part A you store the computer names as a variable called $workstations.  get-adcomputers produces names in format .adcomputers.  In part B -computer names must be read in as strings, not .adcomptuers.  Do more research on this, it is a very important topic.  The command -expand name converts it from .adcomputers to string.

      In part b you use the variable to pass all the computer names, and save out the file as .csv

      Note that this command takes some time to run.  Also, any computers not turned on will result in red error text.  Do not kill or control + C on the powershell prompt.  Allow it to finish and get back to the flashing prompt.

      In the final report, convert over to Excel and delete all columns but description and build number.  As of May 2017 the current Creators Edition build is 15063.

      There are some ways to clean up this command.  You can eliminate the variable and combine both commands into one using parenthesis.  Its also possible to select only name and description in part b so that you don’t have to delete extra data in the csv file.  Experiment!


      • Avatar
        Drruncmd 4 years ago

        I tried this command script with my actual info taken out:

        "$workstations=get-adcomputer -filter * -searchbase "OU=Domain Computers, DC=, DC=, DC=" | select-object -expand name

        "get-wmiobject win32_operatingsystem -cn $workstations | export-csv d:\windows10.csv -notypeinformation"

        The OU is correct and active in AD, have tried other OU containers also but still not working. Console replies with the error:

        "Get-WmiObject : Cannot validate argument on parameter 'ComputerName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again."

    • Avatar
      Randy 6 years ago

      This will do the trick:

      (Get-ADComputer -properties * -filter “OperatingSystem  -like ‘Windows 10*’ -and OperatingSystemVersion -notlike ‘*14393*'”).name

      The “.name” at the end will just return the computer name. You can get rid of that if you want all of the information.

      “OperatingSystem  -like ‘Windows 10*'” will return Windows 10 only, and “OperatingSystemVersion -notlike ‘*14393*'” will filter out anything not on the Anniversary edition. Unfortunately, this will also exclude anything newer than that. So if you want to make sure that they’re all up-to-date, just replace 14393 with the current version number.

      The “searchBase” switch is optional, and is only really necessary if you only want to search through a part of your domain. Without that switch, it will default to searching the entire domain. Because of this, I left it out of my example.

  2. Avatar
    Guru 5 years ago

    How can I get computer names of particular OU along with properties of operating system, version and Service Pack.

  3. Avatar
    Leo 3 years ago

    Its really very useful. Thank you. I have one query. Please help me.
    I want to add only member server (Without Domain Controller) to particular OU
    Please provide a script for removing Domain Controller (Not member server) from OU.
    Thanks in advance

    • Avatar
      Leos Marek (Rank 4) 3 years ago

      Could you provide better description of what you want to do? 

      Move member servers to an OU from where? Your whole AD?

      Or remove DCs from OU and move them where?

  4. Avatar
    Ian 3 years ago

    So I need to list all Servers (server OS) along with their OU in the whole AD…..


    I can get the list of servers no problem

    Get-ADComputer -Filter {OperatingSystem -Like "*Server*"} | Select -Expand Name | Out-File C:\Test\TestServers.txt


    But can't figure an easy way to get a simple OU name listed too……..

    • Avatar
      Leos Marek (Rank 4) 3 years ago

      Just like this

      Get-ADComputer -Filter {OperatingSystem -Like "*Server*"} | Select Name, DistinguishedName


      • Avatar
        Michael Kurzdorfer 3 years ago

        You might find CanonicalName property easier to read.  Leos's example using the DistinguishedName is far more powerful if you were going to take take actions against the systems.

        Get-ADComputer -Filter {OperatingSystem -Like "*Server*"} -Properties | Select Name, CanonicalName

  5. Avatar
    Michael Webber 1 year ago

    I used this to get the OU:

    Get-ADComputer -Filter {OperatingSystem -Like “*Server*”} -Properties * | select Name, @{n=’OU’;e={$_.canonicalname -replace “/$($_.cn)”,””}}, Enabled

Leave a reply to Leos Marek (Rank 4) Click here to cancel the reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account