Get-ADComputer
The cmdlet of choice for inventorying computers through AD is Get-ADComputer. This command automatically searches for computer objects throughout a domain, returning all sorts of info.The first step is to fire up PowerShell and import the ActiveDirectory module:
Then if I want to see all the details about using this cmdlet, I run:
Get-Help Get-ADComputer -Full
Getting OS information
Basics
Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap –Auto
This command is filtering all computers for all their properties. It then feeds the data (using that pipe symbol) into a formatted table. The only attributes that the table contains are the "computer name, operating system description, service pack, and OS version". It also automatically sizes and wraps the data. When run, I see:
A Windows Server 2003 computer needs Service Pack 2 installed and I still have a Windows 2000 server.
Server Filtering
Now we can start breaking down the results with filters. run:Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto
I changed the filter to find all the computers that are running “Windows Server something”, using the –like filter.
Cool, now only servers are listed! But wait… where’d my Windows 2000 server go? Ahhhh… sneaky. We didn’t start calling OS’s “Windows Server” until 2003. Before that it was “Windows 2000 Server”. I need to massage my filter a bit:
Get-ADComputer -Filter {OperatingSystem -Like "Windows *Server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto
See the difference? I just added an extra asterisk to surround “Server”.
This environment has a variety of Windows server versions running. I’m interested in the ones that are running Windows Server 2008 or Windows Server 2008 R2. And once I have that, I might just want to see the R2 servers.
I run these two sets of commands:
Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*2008*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto
Get-ADComputer -Filter {OperatingSystem -Like "Windows Server*r2*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto
Workstation Filtering
Now, for all the workstations? I simply switch from -Like to -Notlike with my previous server query:Get-ADComputer -Filter {OperatingSystem -NotLike "*server*"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack -Wrap -Auto
Family filtering
Let’s say we want to filter by the “family” of OS's. This can be useful when trying to identify computers that started having a special capability in one OS release and all subsequent releases, and I don’t care about server or workstation platforms. An example of that would be BitLocker – it only works on Windows Vista, Windows Server 2008, and later. I run:Get-ADComputer -Filter {OperatingSystemVersion -ge "6"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemVersion -Wrap -Auto
Now I'm filtering on operating system version, to be equal to or greater than 6. This means that any computers that have a kernel version of 6 (Vista and 2008) or higher will be returned:
For Windows Server 2008 R2 and Windows 7 family of computers only, I can change my filter slightly:
Get-ADComputer -Filter {OperatingSystemVersion -ge "6.1"} -Property * | Format-Table Name,OperatingSystem,OperatingSystemVersion -Wrap -Auto
Getting it all into a file
So what we’ve done ‘til now was just use PowerShell to send goo out to the screen and stare. In all but the smallest domains, though, this will soon get unreadable. I need a way to send all this out to a text file for easier sorting, filtering, and analysis.This is where Export-CSV comes in. With the chaining of an additional pipeline I can find all the computers, select the attributes I find valuable for them, then send them into a comma-separated text file.
Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-CSV AllWindows.csv -NoTypeInformation -Encoding UTF8
Then I just crack open the AllWindows.CSV file in Excel and:
