question

YanJayden-2649 avatar image
0 Votes"
YanJayden-2649 asked NewbieJones-6218 commented

Get AD Computers not in Group A and output list that computer's Distinguished Name and Description

How to use Powershell scripts to get AD Computers not in Group A and output list that computer's Distinguished Name and Description?

windows-server-powershellwindows-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

NewbieJones-6218 avatar image
0 Votes"
NewbieJones-6218 answered NewbieJones-6218 edited

Quick and dirty.
This uses the memberOf attribute on the computer object and then filters client side (Where-Object) for those that aren't in the group.
I recommend setting the searchbase and using the distinguishedName for the group.

 Get-ADComputer -Filter * -SearchBase "OU=Computers,OU=xxx,DC=xxx,DC=yyy,DC=zzz" -Properties MemberOf, Description | 
     Where-Object {"CN=groupA,OU=Groups,OU=xxx,OU=xxx,DC=xxx,DC=yyy,DC=zzz" -NotIn $_.memberof} 
         | Select distinguishedName, Description
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered NewbieJones-6218 commented

Hi YanJayden-2649,

Try this method:

Grab the computer names from the first security group

$group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install'
$group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install'

grab all computer obejects that are servers from AD and list the names not found in either security group

Get-ADComputer -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))"
-Properties MemberOf |
Where-Object {
( $.MemberOf -notcontains $Group1.DistinguishedName ) -and
( $
.MemberOf -notcontains $Group2.DistinguishedName )
} |
Select-Object -ExpandProperty Name




--If the reply is helpful, please Upvote and Accept as answer--

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Not fully understanding this addition to an answered question.

Your ldapfilter is only going to return server operating systems. (I can't see this in the original posters requirements).

Your where-object is client side filtering on two groups, which I also can't see requested in the original requirements.

Your final select-object is only showing name, where the poster requested DisplayName and Description.

I'm wondering if this answer was meant for another thread.



0 Votes 0 ·