Get AD Computers not in Group A and output list that computer's Distinguished Name and Description

Yan, Jayden 81 Reputation points
2022-05-06T05:42:49.84+00:00

How to use PowerShell scripts to get AD computers not in Group A and output a list of each computer's Distinguished Name and Description?


Accepted answer
  1. Newbie Jones 1,306 Reputation points
    2022-05-06T11:04:05.92+00:00

    Quick and dirty.
    This uses the memberOf attribute on the computer object and then filters client side (Where-Object) for those that aren't in the group.
    I recommend setting the searchbase and using the distinguishedName for the group.

    # Computers under the search base whose memberOf does not list the group's DN (filtered client side)
    Get-ADComputer -Filter * -SearchBase "OU=Computers,OU=xxx,DC=xxx,DC=yyy,DC=zzz" -Properties MemberOf, Description |
        Where-Object { "CN=groupA,OU=Groups,OU=xxx,OU=xxx,DC=xxx,DC=yyy,DC=zzz" -notin $_.MemberOf } |
        Select-Object DistinguishedName, Description
    

1 additional answer

  1. Limitless Technology 39,341 Reputation points
    2022-05-12T07:28:38.323+00:00

    Hi YanJayden-2649,

    Try this method:

    # Grab the computer names from the first security group
    $group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install'
    $group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install'

    # Grab all computer objects that are servers from AD and list the names not found in either security group
    Get-ADComputer -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))" -Properties MemberOf |
        Where-Object {
            ( $_.MemberOf -notcontains $group1.DistinguishedName ) -and
            ( $_.MemberOf -notcontains $group2.DistinguishedName )
        } |
        Select-Object -ExpandProperty Name


    --If the reply is helpful, please Upvote and Accept as answer--
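
A server-side variant of the two answers above, added here as an example and not code from either poster. Both answers compare against `memberOf` on the client, which only lists direct memberships and never the primary group; this version has the domain controller evaluate nested membership with the LDAP_MATCHING_RULE_IN_CHAIN rule and also excludes computers whose primary group is the target group. The function name `Get-ADComputerNotInGroup`, the group name `groupA`, the `example.com` search base and the CSV file name are placeholders chosen for illustration.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-ADComputerNotInGroup {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $GroupIdentity,  # name, DN, SID or GUID of the group
        [string] $SearchBase                             # optional OU to limit the search
    )

    # Resolve the group once. primaryGroupToken is the RID that member objects
    # carry in their primaryGroupID attribute.
    $group = Get-ADGroup -Identity $GroupIdentity -Properties primaryGroupToken

    # Escape characters that are special inside an LDAP filter value (RFC 4515).
    # The backslash must be replaced first.
    $dn = $group.DistinguishedName -replace '\\', '\5c' -replace '\*', '\2a' `
                                   -replace '\(', '\28' -replace '\)', '\29'

    # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN: the DC walks nested
    # groups, so a computer that is a member through another group is excluded too.
    # memberOf never contains the primary group, hence the primaryGroupID clause.
    $filter = "(&(objectCategory=computer)" +
              "(!(memberOf:1.2.840.113556.1.4.1941:=$dn))" +
              "(!(primaryGroupID=$($group.primaryGroupToken))))"

    $params = @{ LDAPFilter = $filter; Properties = 'Description' }
    if ($SearchBase) { $params.SearchBase = $SearchBase }

    Get-ADComputer @params | Select-Object DistinguishedName, Description
}

# Placeholder values: substitute your own group and OU.
Get-ADComputerNotInGroup -GroupIdentity 'groupA' -SearchBase 'OU=Computers,DC=example,DC=com' |
    Export-Csv -Path .\ComputersNotInGroupA.csv -NoTypeInformation
```

The in-chain rule is evaluated per object on the domain controller and can be slow in large directories, so keep the search base as narrow as the task allows.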