Get one or more Active Directory computers.

      Get-ADComputer [-Identity] ADComputer
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Partition string] [-Properties string[]]
               [-Server string] [CommonParameters]
      Get-ADComputer { -Filter string | -LDAPFilter string }
         [-ResultPageSize int] [-ResultSetSize Int32]
            [-SearchBase string] [-SearchScope {Base | OneLevel | Subtree}]
               [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
                  [-Partition string] [-Properties string[]]
                     [-Server string] [CommonParameters]

   -AuthType {Negotiate | Basic}
       The authentication method to use:
          Negotiate or 0
          Basic or 1
       A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.

   -Credential PSCredential
       A user account that has permission to perform this action.
       The default is the current user unless the cmdlet is run from an AD PowerShell provider drive
       in which case the account associated with the drive is the default.

       "User64" or "Domain01\User64" or a PSCredential object.

   -Filter { string }
       A query string that retrieves Active Directory objects.
       This string uses the PowerShell Expression Language syntax.
       Supported Operators: -eq -le -ge -ne -lt -gt -approx -bor -band -recursivematch -like -notlike -and -or -not
       Also see about_ActiveDirectory_Filter. 

   -Identity ADComputer
       An AD computer object:

          Distinguished Name
             Example: CN=PC1234,CN=Europe,CN=Users,DC=SS64,DC=com
          GUID  (objectGUID)
             Example: af4867a2-5aa1-4143-bef2-b56c5c9a78de
          Security Identifier (objectSid)
             Example: S-1-5-21-3164297828-301567370-526410523-1153
          Security Accounts Manager Account Name (sAMAccountName)
             Example: PC1234

       The identifier in parentheses is the LDAP provider name for the attribute.

       The cmdlet searches the default naming context or partition to find the object.
       If the identifier given is a DN, the partition to search will be computed from that DN.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       This parameter can also accept an object through the pipeline.
   -LDAPFilter string
       An LDAP query string that is used to filter AD objects.
       You can use this parameter to run existing LDAP queries.
       The Filter parameter syntax supports the same functionality as the LDAP syntax. 
       See the -Filter description.
       e.g. search for all objects in the organizational unit with a name beginning with "ss64".
         -LDAPFilter "(name=ss64*)"  -SearchScope Subtree -SearchBase "DC=demo,DC=ss64,DC=com"

   -Partition string
       The distinguished name of an AD partition.
       The distinguished name must be one of the naming contexts on the current directory server.
       The cmdlet searches this partition to find the object defined by the -Identity parameter.
          -Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=SS64,DC=COM"

          -Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=SS64,DC=COM"

       In many cases, a default value will be used for -Partition if no value is specified.

   -Properties string[]
       The properties of the output object to retrieve from the server.
       Use this parameter to retrieve properties that are not included in the default set.
       Specify properties for this parameter as a comma-separated list of names.
       To display all of the attributes that are set on the object, use *

       To specify an individual extended property, use the name of the property.
       For properties that are not default or extended properties, specify the LDAP provider name. 
       To retrieve properties and display them for an object, use the Get-* cmdlet associated
       with the object and pass the output to Get-Member. 
       e.g.   Get-ADGroup -Identity Administrators | Get-Member
       To retrieve and display the properties:
       e.g.   Get-ADGroup -Identity Administrators -Properties * | Get-Member
   -ResultPageSize int
       The number of objects to include in one page for an AD Domain Services query. 
       The default is 256 objects per page. 
       e.g.   -ResultPageSize 500
   -ResultSetSize Int32
       The maximum number of objects to return for an AD Domain Services query.
       To receive all objects (the default), set this parameter to $null.
       Use Ctrl+c to stop the query and return of objects. 

   -SearchBase string
       An AD path to search under. 
       When you run a cmdlet from an  drive,
       The default value of this parameter is the current path of the AD provider drive, the
       default naming context of the target domain, or (if specified) the target LDS instance.
       e.g. to search under an OU.
          -SearchBase "ou=Group64,dc=demo,dc=SS64,dc=com" 
   -SearchScope ADSearchScope
       The scope of an AD search. Possible values:
          Base     or 0
          OneLevel or 1
          Subtree  or 2
       Base will search only the current path or object.
       OneLevel will search the immediate children of the path or object.
       Subtree will search the current path or object and all children.
           -SearchScope Subtree

   -Server string
       The AD Domain Services instance to connect to, this may be a Fully qualified domain name,
       NetBIOS name, Fully qualified directory server name (with or without port number) or AD Snapshot instance.

       Examples:  demo

Get-ADComputer gets a computer or performs a search to retrieve multiple computers. The -Identity parameter specifies the AD computer to retrieve. Identify the computer by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. This parameter may also be set to a computer object variable or through the pipeline.

To search for and retrieve more than one computer, use the -Filter or -LDAPFilter parameters. The -Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. For more information, see help about_ActiveDirectory_Filter.
If you have existing LDAP query strings, you can use the -LDAPFilter parameter.

This cmdlet retrieves a default set of computer object properties. To retrieve additional properties use the -Properties parameter.


Get a specific computer showing all the properties:

PS C:\> Get-ADComputer "Server64" -Properties *

Get all computer accounts:

PS C:\> Get-ADComputer -Filter *

List and count all the different Computer OS's found in AD

PS C:\> $os = Get-ADComputer -Filter * -Properties OperatingSystem -ResultPageSize 500
PS C:\> $os | Group-object -Property OperatingSystem -NoElement | ft  -autosize

Filter that list to show machines with a specific OS
PS C:\> $os | where OperatingSystem -eq "Windows Server 2003" | select name

Get an inventory list of all servers, plus OS and service pack (via Microsoft's enterprise AD support blog):

PS C:\> Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto

Get all the computers with a ComputerName matching a given string:

PS C:\> Get-ADComputer -Filter 'Name -like "Server*"' -Properties IPv4Address | Format-table Name,DNSHostName,IPv4Address -A

Get all the computers that have changed their password in the last 30 days:

PS C:\> $d = [DateTime]::Today.AddDays(-30); Get-ADComputer -Filter 'PasswordLastSet -ge $d' -Properties PasswordLastSet | Format-table Name,PasswordLastSet

Get the computer accounts in the location: "CN=Computers,DC=SS64,DC=com" that are listed as laptops (using an LDAPFilter):

PS C:\> Get-ADComputer -LDAPFilter "(name=*laptop*)" -SearchBase "CN=Computers,DC=SS64,DC=com"

“The really efficient laborer will be found not to crowd his day with work, but will saunter to his task surrounded by a wide halo of ease and leisure” ~ Henry David Thoreau

Related PowerShell Cmdlets

LastLogon - Find when a computer account last logged in.
Query-UserAccountControl.ps1 - List the UAC Flag for all User and Computer accounts. Identify specific configurations.
New-ADComputer - Create a new AD computer.
Remove-ADComputer - Remove an AD computer.
- Modify an AD computer.
VBScript: ComputerInfo - List properties of a Computer. (as shown in ADUC)

Copyright © 1999-2024
Some rights reserved