Get-AdComputer cmdlet in PowerShell is used to find one or more computers in the Active Directory or find computers in OU (Organization Unit). Using the PowerShell Get-AdComputer to get list of computers in OU, get adcomputer filter by the operating system.
Get-AdComputer performs a search to retrieve multiple computers in the active directory or return a single computer as well.
Get-AdComputer cmdlet retrieves the default set of computer object properties.
You can use the Get-AdComputer Properties parameter to retrieve additional properties.
PowerShell Get-AdComputer Cmdlet has a Identity parameter to retrieve specific computer objects from Active Directory.
If you want to retrieve one or more computer objects based on search criteria, use Filter or LDAPFilter parameters.
Using the get-adcomputer filter and get-adcomputer ldapfilter, you can get all computers in OU.
Prerequisites
To use the Get-AdComputer cmdlet, your system needs to have the following requirement:
- PowerShell Active Directory module to be installed
- Users with administrator access or have enough access to read Active Directory information
Tip: To know about which PowerShell modules are available in the system, run the below command in PowerShell ISE
Get-Module -ListAvailable
This command returns all the modules installed and available in the system. If an Active Directory module is not available then follow the Active Directory installation steps.
Cool Tip: How to get certificates using PowerShell!
Get-AdComputer Syntax
The Get-Adcomputer cmdlet in PowerShell returns one or more computer objects from Active Directory.
Syntax
Get-ADComputer [-AuthType <ADAuthType>] [-Credential <PSCredential>] -Filter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>] Get-ADComputer [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADComputer> [-Partition <String>] [-Properties <String[]>] [-Server <String>] [<CommonParameters>] Get-ADComputer [-AuthType <ADAuthType>] [-Credential <PSCredential>] -LDAPFilter <String> [-Properties <String[]>] [-ResultPageSize <Int32>] [-ResultSetSize <Int32>] [-SearchBase <String>] [-SearchScope <ADSearchScope>] [-Server <String>] [<CommonParameters>]
Using Identity Parameter
Get-AdComputer Identity the parameter is used to get a single computer object from Active Directory.
You can identify a computer name by using
- GUID
- Distinguishedname
- SAM Account name
- Security Identifier (SID)
Let’s consider an example if you have a computer named it-2020 and want to retrieve it using the Get-AdComputer.
Get-AdComputer -Identity "it-2020"
Above get-adcomputer command get computer name it-2020 specified by Identity parameter in active directory.
It returns with the default set of adcomputer properties.
In our next example, if you want to get-adcomputer all properties for a given it-2020 computer object, run the below command
Get-AdComputer -Identity "it-2020" -Properties *
In the above code, the command will get ad computer properties, if you want to return a few properties, you can specify them as comma-delimited.
Cool Tip: Do you know the equivalent of the cat command in Windows?
Find all computers in OU
Get-AdComputer has a SearchBase parameter to limit the search to specific to an OU or its child OU.
Use the get-adcomputer searchbase parameter to get all computers in OU in PowerShell.
Get-ADComputer -Filter * -SearchBase 'OU=Sales, DC=Shellpro, DC=LOCAL'
Above PowerShell get adcomputer filter ou script, retrieve all computers specific to an organizational unit in Active Directory.
The output of the above PowerShell script gets all computers in OU.
Get a list of computers in OU and export it to CSV
To get a list of computers in OU and export the computer list from the active directory to a CSV file, use the PowerShell script
$OULocation = 'ou=Sales,dc=shellgeek,dc=com' $csvpath = 'C:\powershell\computers_in_ou.csv' Get-ADComputer -Filter * -SearchBase $OULocation | Select-object DistinguishedName,DNSHostName,Name | Export-Csv -NoType $csvpath
In the above get-adcomputer example, we have set the OU location and CSV path.
The Get-AdComputer filter parameter restricts the output of the query using the filter.
It uses the Get-AdComputer SearchBase parameter to search in specific OU.
It lists computers in OU and using Export-Csv exports the computer list from the active directory, and it outputs them to the CSV file.
Get all computers with a name start like or starting with a particular string
Very often administrator wants to get computer objects where the name starts with a particular string.
You can use the Get-Adcomputer Filter property to search for AD computer objects.
Get-ADComputer -Filter 'Name -like "it-20*"' -Properties *
In the above get-adcomputer example script, the command gets ad computer properties whose name starts with it-20 and returns all the properties for computer objects.
Cool Tip: Learn how to get aduser using userprincipalname!
Get Ad Computer Filter – get all computers in Active Directory
Get-ADComputer -Filter *
In the above get-adcomputer example, the PowerShell get-adcomputer filter with *(wildcard) returns all computer objects.
Get-AdComputer Multiple Filters – multiple names
You can search for computers where adcomputer name -like or name starts with a certain string.
Get-ADComputer -Filter 'Name -like "it-20*" -or Name -like "it-21*"' -Properties *
In the above get-adcomputer example, it returns one or more computers where names like it-20 or it-21 based on the get-adcomputer filter name -like property.
Get-AdComputer Multiple Filters – PasswordLastSet in the last 15 days
You can get computers from the active directory where the computer name starts with a specified name and password changes in the last 15 days.
$lastpwddate = [DateTime]::Today.AddDays(-15); Get-ADComputer -Filter 'Name -like "it-20*" -and PasswordLastSet -ge $lastpwddate ' -Properties *
In the above get-adcomputer example, get-adcomputer filter name like ‘it-20*’ to get all the computer names starts with it-20 and password changes in the last 15 days.
Cool Tip: Learn how to download zip files using PowerShell!
Get-AdComputer Filter by Windows 2016 Operating System
$os = Get-ADComputer -Filter * -Properties OperatingSystem -ResultPageSize 500 $os | where OperatingSystem -eq "Windows Server 2016" | select name
This command gets all the different OS systems found in the active directory.
It uses the get adcomputer filter to get a list of computers having an Operating System equal to Windows Server 2016.
In the above example, get-adcomputer filter operating system if it is equal to Window Server 2016 and gets a list of all computers.
Cool Tip: Use set-adgroup to modify active directory group attributes PowerShell!
Using Get-AdComputer LDAPFilter parameter
LDAPFilter parameter is used to retrieve one or more computers.
Let’s consider an example if you have a requirement to find computers in OU.
Get-ADComputer -LDAPFilter "(name=*it-20*)" -SearchBase "CN=Computers,DC= Sales,DC=com"
This command returns the computers from location CN= Computers, DC=Sales, DC=com.
Get-AdComputer LDAPFilter is used with the SearchBase parameter.
Using the SearchBase parameter limits the search to specific to an OU or its child OU.
Cool Tip: How to remove adcomputer PowerShell!
Get AdComputer Serial Number
You can get active directory computer serial number using Get-CimInstance cmdlet in PowerShell which uses the Win32_Bios method to get computer serial numbers.
Get-ADComputer -Filter *| Select-Object Name | Foreach-Object {Get-CimInstance Win32_Bios -ComputerName $_.Name -ErrorAction SilentlyContinue | Select-Object PSComputerName,SerialNumber}
In the above PowerShell script,
The Get-AdComputer command gets all active directory computers.
It passes the output to the second command where it gets adcomputer name only.
In the next command, it uses foreach-object to iterate over adcomputers.
It uses the Get-CimInstance cmdlet to get the computer name and serial number for each active directory computer.
Get-AdComputer FAQ
Consider an example, to find the computer name ‘comp-1’ in the active directory, use the below commandGet-ADComputer -Filter "name -eq 'comp-1'"
In the above example, it returns the computer name if the get-adcomputer filter name is like ‘comp-1’ in the active directory.
However, if you want to use a computer name stored in a variable and find it$comp = "comp-1"
Get-ADComputer -Filter "name -eq '$comp'"
If you want to find all the computers having Windows 10 operating system using the get-adcomputer filter, use the below command
Get-ADComputer -Filter {OperatingSystem -like ‘*Windows 10*’}
In the above PowerShell get-adcomputer example, the command returns a list of the computers if get-adcomputer filter operating system like ‘*Window 10*’
To find computers in OU (organizational unit) using the Get-AdComputer filter parameter, use the below command
Get-ADComputer -Filter * -SearchBase “OU=Sales, DC=shellgeek, DC=com”
In the above PowerShell get-adcomputer filter examples, it returns a list of the computers in OU if the get-adcomputer filter ou like Sales.
Let’s consider an example if you have multiple OU and you want to get a list of computers from multiple OUs using the Searchbase parameter, use the below command#Store OUs in variable
$OUs= "OU=Sales,DC=shellgeek,DC=com",
"OU=HR,DC=shellgeek,DC=com",
"OU=Finance,DC=shellgeek,DC=com"
$Ous | foreach { Get-ADComputer -Filter * -SearchBase $_} | Select Name
Use foreach to iterate over multiple OU and use the SearchBase parameter to get a list of computers using the get-adcomputer filter with OU.
Get-ADComputer -identity It-2020 -Properties * | FT Name, LastLogonDate -Autosize
This command returns get-adcomputer lastlogondate for computer name It-2020.
Read more on the difference between lastlogon and lastlogontimestamp in the active directory.
Let’s consider an example, we have to find computer accounts that have been not logged on to Active Directory in the last 90 days, you can get a list of accounts using the LastLogonTimeStamp property.
# Specify timeframe
$inactiveperiod = 90
$time = (Get-Date).Adddays(-($inactiveperiod))
Get-ADComputer -Filter {LastLogonTimeStamp -lt $time} -ResultPageSize 1000 -resultSetSize $null -Properties Name, SamAccountName| Export-CSV “C:\PowerShell\InActiveComputer.csv” –NoTypeInformation
This command performs a search for those computer accounts where the lastlogontimestamp has not been updated in the last 90 days and export all stale or inactive computer accounts to a CSV file.
Cool Tip: Check ad schema version PowerShell!
Conclusion
Hope you like the above article to use the PowerShell Get-AdComputer cmdlet to find computer object information from the active directory.
In the above PowerShell Get-AdComputer examples, we have seen many different examples to get a list of computers based on the get-adcomputer filter name or get-adcomputer filter operating system or get-adcomputer filter ou.
The above steps by steps guide on how to use Get-AdComputer cmdlet with different parameters like Identity, LDAPFilter, and SearchBase with real-world examples will help you understand the use of cmdlet.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.