Get AD Computers not in Group A and output list that computer's Distinguished Name and Description

Question

How to use Powershell scripts to get AD Computers not in Group A and output list that computer's Distinguished Name and Description?

Answer 1

Quick and dirty.
This uses the memberOf attribute on the computer object and then filters client side (Where-Object) for those that aren't in the group.
I recommend setting the searchbase and using the distinguishedName for the group.

Get-ADComputer -Filter * -SearchBase "OU=Computers,OU=xxx,DC=xxx,DC=yyy,DC=zzz" -Properties MemberOf, Description | 
    Where-Object {"CN=groupA,OU=Groups,OU=xxx,OU=xxx,DC=xxx,DC=yyy,DC=zzz" -NotIn $_.memberof} 
        | Select distinguishedName, Description

Answer 2

Hi YanJayden-2649,

Try this method:

Grab the computer names from the first security group

$group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install'
$group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install'

grab all computer obejects that are servers from AD and list the names not found in either security group

Get-ADComputer -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))"
-Properties MemberOf |
Where-Object {
( $.MemberOf -notcontains $Group1.DistinguishedName ) -and
( $.MemberOf -notcontains $Group2.DistinguishedName )
} |
Select-Object -ExpandProperty Name

---

--If the reply is helpful, please Upvote and Accept as answer--