Create Active Directory Computer Reports with PowerShell. To find anything regarding active directory (AD) computer objects and their properties, we will primarily use the Get-ADComputer cmdlet. For example, in an Active Directory domain, we can use the Get-ADComputer PowerShell cmdlet to get information about computer account objects (servers and workstations). This cmdlet is one of the most useful for searching AD computers by various criteria.
This article discusses the many uses of the Get-ADComputer cmdlet and how we can turn it into a comprehensive and valuable report.
Let’s start with the article blog Create Active Directory Computer Reports with PowerShell.
Create Active Directory Computer Reports with Powershell
Prerequisites
If we would like to follow along with the example scripts in this article, please be sure to have the following:
- An AD environment with at least one domain-joined workstation.
- Domain functional level – Windows Server 2016.
- Remote Server Administration Tools (RSAT) for Active Directory installed on your domain-joined workstation.
- The latest PowerShell version, or at least PowerShell 7. x and above, is required to execute the scripts.
Well, how to Create Active Directory Computer Reports with PowerShell? Let’s find out.
Understanding the Get-ADComputer Powershell Command
Before we begin, we should familiarize ourselves with the Get-ADComputer command. We don’t need domain admin privileges to get information from the Active Directory. Using a regular user account member of the Domain Users or Authenticated Users group is sufficient.
Well, the Get-Help command, as usual, provides a list of all the other parameters for the Get-ADComputer cmdlet:
$command = Get-ADComputer
Get-Help $command
Sample output:
Alternatively, we can access the official documentation of the Get-ADComputer command here.
After scrolling through the long list of parameters in our command line and documentation, we can start scripting. Remember, the most crucial parameter that accompanies the Get-ADComputer command is the Identity parameter.
In order to obtain information about a specific computer account in the domain, use the -Identity parameter with its name as an argument:
Get-ADComputer -Identity DC01
Here is the sample output:
DistinguishedName : CN=DC01,OU=Servers,OU=DC,OU=IT,DC=infrasos,DC=com
DNSHostName : DC01.infrasos.com
Enabled : True
Name : DC01
ObjectClass : computer
ObjectGUID : 87654321-1204-5578-0000-123462341264
SamAccountName : DC01
SID : S-1-5-21-123656780-1234667890-0986654321-1264
As a result, the Get-ADComputer cmdlet returned only the fundamental properties of the Computer object from AD. However, running the command above only provides the top-level information about the computer object. Then, if we want to dive deeper and display the object’s available properties, we can use the -Properties parameter.
To list all properties of the object, append the -Properties parameter and add a value of asterisk (*). The asterisk value is the wildcard value that indicates ALL:
Get-ADComputer -Identity DC01 -Properties *
Sample output:
On the other hand, we can navigate inside the Active Directory Users and Computers console (or dsa.msc) and view the properties from there. Finally, select a computer object and navigate to the Attribute Editor tab to view the list of computer object properties.
Filtering Get-ADComputer Results
One downside is that we might display more information on things we do not necessarily need. Using the PowerShell pipeline, the Get-ADComputer cmdlet allows us to display specific computer properties in the command line. For example, we can only leave values of Name and LastLogonDate properties in the output by piping the Format-Table command to the main syntax:
Get-ADComputer -Identity DC01 -Properties * | Format-Table Name, LastLogonDate -Autosize
Sample output:
Here, Windows PowerShell calculates column widths based on the actual data displayed if we specify the AutoSize parameter when we run the Format-Table command. All in all, this parameter makes the columns readable.
However, the previous command only searches for a single AD computer object. Therefore, if we wanted information for all computers in the domain, we can replace the Identity parameter with Filter:
Get-ADComputer -Filter * -Properties * | Format-Table Name, Created -Autosize
See the sample Output:
We got a simple formatted table containing only two fields: the computer name and the object creation date. We can add other columns of the Computer object from AD to this table by adding properties in the Format-Table section of the pipeline.
Basically, to fetch information about the computer objects in a particular Organizational Unit (OU), we can use the –SearchBase parameter:
Get-ADComputer -SearchBase ‘OU=IT,DC=infrasos,DC=com’ -Filter * -Properties * | Format-Table Name, Created -Autosize
Besides, we can also sort the query results by inserting the Sort-Object cmdlet in the pipeline:
Get-ADComputer -Filter * -Properties * | Sort-Object Created | Format-Table Name, Created -Autosize
In the previous command above, the Sort-Object command sorts the results of the Get-ADComputer first by Created and then passes it to Format-Table for display.
Improve your Active Directory Security & Azure AD using Computer Reports
Try us out for Free, Access to all features. – 200+ AD Report templates Available. Easily customise your own AD reports.
Using Search Filters with Get-ADComputer
We use the Get-ADComputer cmdlet’s -Filter argument to search for multiple AD computers based on specific criteria. As noted, we can use wildcards and logical comparison operators in this case. Certainly, as filters, we can only use primary computer object attributes.
Equally, we use the Where-Object pipe if we need to use search filters on extended computer attributes. The following are more practical examples of how to query and search computer objects in the domain using the Get-ADComputer cmdlet.
Get the total number of all active and unblocked computers in Active Directory:
We search for computers using multiple filters at the same time. Use PowerShell logical comparison operators to accomplish this.
(Get-ADComputer -Filter {Enabled -eq "true"}).Count
Display all Windows Server hosts in the AD domain:
Get-ADComputer -Filter {OperatingSystem -Like '*Windows Server*' }
Get a list of all computers in a specific OU whose names start with DC:
Get-ADComputer -Filter {Name -like "DC*"} -SearchBase ‘OU=IT,DC=infrasos,DC=com’ -Properties * | Format-Table Name
When searching in the OU, we can use the –SearchScope1 parameter to limit our search to the root OU only. The -SearchScope2 option performs a recursive search for computers in all OUs.
Managing Multiple Computers with Get-ADComputer
We must use the Foreach-Object loop to perform a specific action on all the computers in the resulting list. In this example, we can query multiple AD computers remotely using Windows Management Instrumentation or Common Information Classes:
Get-ADComputer -Filter * -Property * |
Select-Object Name,OperatingSystem |
Foreach-Object {
Get-CimInstance Win32_Bios -ComputerName $_.Name -ErrorAction SilentlyContinue |
Select-Object PSComputerName
}
Evidently, in this example, if we want a list of Windows Server hosts in the domain, along with their model and manufacturer, we use the same looping method and fetch the computer properties.
$Computers = Get-ADComputer -Filter {OperatingSystem -Like '*Windows Server*'}
Foreach ($Computer in $Computers){
$Hostname = $Computer.Name
$ComputerInfo = (Get-WmiObject -Computername $Hostname Win32_ComputerSystem)
$Manufacturer = $Computer.Manufacturer
$Model = $Computer.Model
Write-Output "Name: $Hostname"
Write-Output "Manufacturer: $Manufacturer"
Write-Output "Model: $Model"
Write-Output " "
}
So, the information fetched from the above examples is readily available via the domain services since these computers are part of AD. However, not all computers have their properties advertised to the domain. How can we fetch them?
Following, we make use of the Invoke-Command. Hence, this PowerShell cmdlet executes local commands on the remote computer. For example, suppose we need to run a specific command on all computers in a particular OU. In this example, let’s use the Invoke-Command to run a group policy update command on all servers:
Get-ADComputer -SearchBase "OU=DC,DC=infrasos,DC=com" -Filter * |
%{ Invoke-Command -Computer $_.Name -ScriptBlock { gpupdate /force } }
Also Read Try Active Directory Group Reports Tool
Generate PowerShell AD Reports with Get-ADComputer
In Windows PowerShell, we export the output of our commands into multiple reporting formats. Here are some of the examples below.
Firstly, we export the result of the Get-ADComputer command to a text file:
Get-ADComputer -Filter { OperatingSystem -Like '*Windows Server 2019*' } -Properties * |
Select Name, OperatingSystem |
Format-Table -AutoSize C:\Temp\2019_servers.txt
Secondly, we also get a list of all computers and export it to a comma-separated value (CSV) file:
Get-ADComputer -Filter * -Property * |
Select-Object Name,OperatingSystem |
Export-CSV All-Computers.csv -NoTypeInformation
Thirdly, we can also export our report and get an HTML webpage format with a list of all computers and essential properties:
Get-ADComputer -Filter * -Properties * |
Select-Object Name,OperatingSystem |
ConvertTo-Html |
Out-File C:\ps\ad_all_computers.html
It should look something like this:
Thank you for reading Create Active Directory Computer Reports with PowerShell. We shall conclude.
Also Read Deploy Azure AD Monitoring
Create Active Directory Computer Reports using Powershell Conclusion
In this article, we have discussed the Get-ADComputer command comprehensively. We learned that with this command, we could get a detailed list of properties and information for a particular machine. Furthermore, with an exhaustive list, we have learned how to filter these properties only to fetch only the information we need.
Try InfraSOS for FREE
Invite your team and explore InfraSOS features for free
- Free 15-Days Trial
- Easy Setup
- Full Access to Enterprise Plan
