Get one or more Active Directory computers.
Syntax
      Get-ADComputer [-Identity] ADComputer
         [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
            [-Partition string] [-Properties string[]] [-Server string]
               [CommonParameters]

      Get-ADComputer { -Filter string | -LDAPFilter string }
         [-ResultPageSize int] [-ResultSetSize Int32]
            [-SearchBase string] [-SearchScope {Base | OneLevel | Subtree}]
               [-AuthType {Negotiate | Basic}] [-Credential PSCredential]
                  [-Partition string] [-Properties string[]] [-Server string]
                     [CommonParameters]

Key
   -AuthType {Negotiate | Basic}
       The authentication method to use:
          Negotiate or 0
          Basic or 1
       A Secure Sockets Layer (SSL) connection is required for the Basic authentication method.

   -Credential PSCredential
       A user account that has permission to perform this action.
       The default is the current user unless the cmdlet is run from an AD PowerShell provider drive,
       in which case the account associated with the drive is the default.
       e.g. "User64" or "Domain01\User64" or a PSCredential object.

   -Filter { string }
       A query string that retrieves Active Directory objects.
       This string uses the PowerShell Expression Language syntax.
       Supported Operators:
          -eq -le -ge -ne -lt -gt -approx -bor -band -recursivematch -like -notlike -and -or -not
       Also see about_ActiveDirectory_Filter.

   -Identity ADComputer
       An AD computer object:

          Distinguished Name
             Example: CN=PC1234,CN=Europe,CN=Users,DC=SS64,DC=com
          GUID (objectGUID)
             Example: af4867a2-5aa1-4143-bef2-b56c5c9a78de
          Security Identifier (objectSid)
             Example: S-1-5-21-3164297828-301567370-526410523-1153
          Security Accounts Manager Account Name (sAMAccountName)
             Example: PC1234

       The identifier in parentheses is the LDAP provider name for the attribute.

       The cmdlet searches the default naming context or partition to find the object.
       If the identifier given is a DN, the partition to search will be computed from that DN.
       If two or more objects are found, the cmdlet returns a non-terminating error.

       This parameter can also accept an object through the pipeline.

   -LDAPFilter string
       An LDAP query string that is used to filter AD objects.
       You can use this parameter to run existing LDAP queries.
       The Filter parameter syntax supports the same functionality as the LDAP syntax.
       See the -Filter description.

       e.g. search for all objects in the organizational unit with a name beginning with "ss64":
          -LDAPFilter "(name=ss64*)" -SearchScope Subtree -SearchBase "DC=demo,DC=ss64,DC=com"

   -Partition string
       The distinguished name of an AD partition.
       The distinguished name must be one of the naming contexts on the current directory server.
       The cmdlet searches this partition to find the object defined by the -Identity parameter.

       Examples:
          -Partition "CN=Configuration,DC=EUROPE,DC=TEST,DC=SS64,DC=COM"
          -Partition "CN=Schema,CN=Configuration,DC=EUROPE,DC=TEST,DC=SS64,DC=COM"

       In many cases, a default value will be used for -Partition if no value is specified.

   -Properties string[]
       The properties of the output object to retrieve from the server.
       Use this parameter to retrieve properties that are not included in the default set.

       Specify properties for this parameter as a comma-separated list of names.
       To display all of the attributes that are set on the object, use *

       To specify an individual extended property, use the name of the property.
       For properties that are not default or extended properties, specify the LDAP provider name.

       To retrieve properties and display them for an object, use the Get-* cmdlet
       associated with the object and pass the output to Get-Member.
          e.g. Get-ADGroup -Identity Administrators | Get-Member

       To retrieve and display the properties:
          e.g. Get-ADGroup -Identity Administrators -Properties * | Get-Member

   -ResultPageSize int
       The number of objects to include in one page for an AD Domain Services query.
       The default is 256 objects per page.
          e.g. -ResultPageSize 500

   -ResultSetSize Int32
       The maximum number of objects to return for an AD Domain Services query.
       To receive all objects (the default), set this parameter to $null.
       Use Ctrl+C to stop the query and the return of objects.

   -SearchBase string
       An AD path to search under.

       The default value of this parameter is the current path of the AD provider drive
       (when the cmdlet is run from such a drive), the default naming context of the
       target domain, or (if specified) the target LDS instance.

       e.g. to search under an OU:
          -SearchBase "ou=Group64,dc=demo,dc=SS64,dc=com"

   -SearchScope ADSearchScope
       The scope of an AD search. Possible values:
          Base or 0
          OneLevel or 1
          Subtree or 2

       Base will search only the current path or object.
       OneLevel will search the immediate children of the path or object.
       Subtree will search the current path or object and all children.
          e.g. -SearchScope Subtree

   -Server string
       The AD Domain Services instance to connect to. This may be a fully qualified
       domain name, NetBIOS name, fully qualified directory server name (with or
       without port number) or AD Snapshot instance.

       Examples:
          demo.SS64.com
          demo
          demoDC02.demo.ss64.com
          demoDC02.demo.ss64.com:3268
Get-ADComputer gets a computer or performs a search to retrieve multiple computers. The -Identity parameter specifies the AD computer to retrieve. Identify the computer by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. This parameter may also be set to a computer object variable or through the pipeline.
To search for and retrieve more than one computer, use the -Filter or -LDAPFilter parameters. The -Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. For more information, see help about_ActiveDirectory_Filter.
If you have existing LDAP query strings, you can use the -LDAPFilter parameter.
This cmdlet retrieves a default set of computer object properties. To retrieve additional properties use the -Properties parameter.
Get a specific computer showing all the properties:
PS C:\> Get-ADComputer "Server64" -Properties *
Get all computer accounts:
PS C:\> Get-ADComputer -Filter *
List and count all the different computer operating systems found in AD:
PS C:\> $os = Get-ADComputer -Filter * -Properties OperatingSystem -ResultPageSize 500
PS C:\> $os | Group-object -Property OperatingSystem -NoElement | ft -autosize
Filter that list to show machines with a specific OS:
PS C:\> $os | where OperatingSystem -eq "Windows Server 2003" | select name
Get an inventory list of all servers, plus OS and service pack (via Microsoft's enterprise AD support blog):
PS C:\> Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto
Get all the computers with a ComputerName matching a given string:
PS C:\> Get-ADComputer -Filter 'Name -like "Server*"' -Properties IPv4Address | Format-table Name,DNSHostName,IPv4Address -A
Get all the computers that have changed their password in the last 30 days:
PS C:\> $d = [DateTime]::Today.AddDays(-30); Get-ADComputer -Filter 'PasswordLastSet -ge $d' -Properties PasswordLastSet | Format-table Name,PasswordLastSet
Get the computer accounts in the location: "CN=Computers,DC=SS64,DC=com" that are listed as laptops (using an LDAPFilter):
PS C:\> Get-ADComputer -LDAPFilter "(name=*laptop*)" -SearchBase "CN=Computers,DC=SS64,DC=com"
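The PasswordLastSet and OperatingSystem queries above can be combined into one account hygiene report: machine accounts normally change their password periodically, so an old PasswordLastSet suggests a machine that is no longer active. This is an added example, not part of the original page; the function name Get-ComputerHygieneReport, the 90-day threshold, the sample objects and the "DC=SS64,DC=com" search base are assumptions.

```powershell
# Added example; Get-ComputerHygieneReport is a hypothetical helper, not a built-in cmdlet.
function Get-ComputerHygieneReport {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)] [object[]]$Computer,
        [int]$StaleDays = 90,                                   # assumed threshold
        [string[]]$LegacyOsPattern = @('Windows Server 2003*')  # assumed pattern list
    )
    begin { $cutoff = [DateTime]::Today.AddDays(-$StaleDays) }
    process {
        foreach ($c in $Computer) {
            $reasons = @()
            # A null PasswordLastSet means the account password was never set.
            if ($null -eq $c.PasswordLastSet)       { $reasons += 'PasswordNeverSet' }
            elseif ($c.PasswordLastSet -lt $cutoff) { $reasons += 'StalePassword' }
            foreach ($p in $LegacyOsPattern) {
                if ($c.OperatingSystem -like $p) { $reasons += 'LegacyOS'; break }
            }
            # Emit a row only for accounts that need attention.
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Name            = $c.Name
                    OperatingSystem = $c.OperatingSystem
                    PasswordLastSet = $c.PasswordLastSet
                    Reasons         = $reasons -join ','
                }
            }
        }
    }
}

# Constructed sample objects (not real hosts), so the logic runs without a domain.
$sample = @(
    [pscustomobject]@{ Name = 'PC1234';   OperatingSystem = 'Windows 11 Enterprise'; PasswordLastSet = [DateTime]::Today.AddDays(-5) }
    [pscustomobject]@{ Name = 'Server64'; OperatingSystem = 'Windows Server 2003';   PasswordLastSet = [DateTime]::Today.AddDays(-400) }
    [pscustomobject]@{ Name = 'LAPTOP07'; OperatingSystem = 'Windows 10 Pro';        PasswordLastSet = $null }
)
$sample | Get-ComputerHygieneReport | Format-Table -AutoSize

# On a host with the ActiveDirectory module: filter on the server and request only
# the properties the report needs instead of -Properties *.
if (Get-Command Get-ADComputer -ErrorAction SilentlyContinue) {
    Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase 'DC=SS64,DC=com' -SearchScope Subtree `
        -Properties OperatingSystem, PasswordLastSet -ResultPageSize 500 |
        Get-ComputerHygieneReport -StaleDays 90 |
        Sort-Object PasswordLastSet | Format-Table -AutoSize
}
```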
“The really efficient laborer will be found not to crowd his day with work, but will saunter to his task surrounded by a wide halo of ease and leisure” ~ Henry David Thoreau
LastLogon - Find when a computer account last logged in.
Query-UserAccountControl.ps1 - List the UAC Flag for all User and Computer accounts. Identify specific configurations.
New-ADComputer - Create a new AD computer.
Remove-ADComputer - Remove an AD computer.
Set-ADComputer - Modify an AD computer.
VBScript: ComputerInfo - List properties of a Computer. (as shown in ADUC)