Wednesday, May 28, 2014

Where Are My AD Computers?

Just a quick PowerShell snippet to show where the computer objects are located in AD.  It uses a little function to calculate the OU from the DistinguishedName, then uses Select-Object to add a property to the AD object.

Next we just need to use Group-Object to show each OU and how many computers the OU contains.

Since I had all those computers in memory, thought it’d be a good time to also see how many were enabled, and how many were actually active (had they set their password in the last 100 days).

Nothing too fancy, just a couple of examples using some of the core PowerShell cmdlets.

 

###

### Get all the AD computers

###

$computers = Get-ADComputer -Filter * -Properties Enabled,OperatingSystem,PasswordLastSet

 

###

### quick function to calculate the OU by DN

###

function Get-OU ($ADOjbect)

{

    $DNParts = $ADOjbect.DistinguishedName -split ','

    $DNParts[1..($DNParts.count -1)] -join ','

}

 

###

### where are they?

###

$computers |

Select-Object -Property *,@{Name="OU"; Expression = {Get-OU $_}} |

Group-Object -Property OU -NoElement |

Sort-Object -Property Count -Descending

 

<#

Count Name         

----- ---- 

 8816 OU=Hoof,DC=Litware,DC=ca

 5485 OU=Hearted,DC=Litware,DC=ca

 3241 OU=Ice,DC=Litware,DC=ca

 2823 OU=Melted,DC=Litware,DC=ca

#>

 

###

### Are they enabled?

###

$computers | Group-Object Enabled -NoElement

<#

Count  Name                    

-----  ----                    

12,507 False                   

53,967 True                    

#>

###

### Are the active? (password set within the last 100 days)

###

$computers |

Where-Object {$_.PasswordLastSet -and ([DateTime]::Now - $_.PasswordLastSet).Days -lt 100 } |

Measure-Object

<#

Count    : 34,753

#>

No comments: