Powershell - Filtering OUs while using get-adcomputer

powershell active-directory filtering ou
smierdziel picture smierdziel · Jul 18, 2012 · Viewed 39.3k times · Source

I am trying to create a script that generates a list of computers based on specific properties which a computer may have. For example, I am trying to make a list of Windows XP computers and Windows 7 computers, throw their names in a .csv file and outputting the final count of each.

Here is my code so far

import-module ActiveDirectory
$computers = get-adcomputer -Filter 'ObjectClass -eq "Computer"' -properties "OperatingSystem"
$i = 0
$j = 0
Foreach ($computer in $computers) {
    if ($computer.operatingSystem -like "Windows 7*") {
        $i++
        '"{0}","{1}","{2}"' -f $computer.Name, $computer.OperatingSystem, "$computer.DistinguishedName" | Out-file -append C:\users\admin\desktop\test.txt
        }
    elseif ($computer.OperatingSystem -like "Windows XP*") {
        $j++
        '"{0}","{1}","{2}"' -f $computer.Name, $computer.OperatingSystem, "$computer.DistinguishedName" | Out-file -append C:\users\admin\desktop\test.txt
        }
    else {
        $_
        }

}
write-host "$i Win 7"
write-host "$j Win xp"
$k = $i+$j
write-host "$k Total"

Sample Output:

104 Win 7
86 Win xp
190 Total

This script works however I would like to make it a bit better by being able to say which OU's not to look into, but I can't quite figure it out.

If anyone has any insight into how to do this, or even just to make the above code any better I would love to hear it.

Thank you!

Answer

vonPryz picture vonPryz · Jul 18, 2012

The -like operator doesn't seem to work with wildcards for DistinguishedName. So the obvious operation Get-ADComputer -Filter {(DistinguishedName -notlike "*OU=evil,*")} doesn't work.

The easiest workaround is to get all the computers in a colleciton and filter it afterwards to suit your needs. Like so,

# All the computers from the evil OU:
$evilOU = $computers| ? {$_.DistinguishedName -like "*ou=evil,*"}
# All the computers but the ones from the evil OU:
$goodOU = $computers| ? {$_.DistinguishedName -notlike "*ou=evil,*"}

Addendum

To combine matching rules, use -and -or and -like. Remember to use * wildcard with ? (where-object)

# All the computers save the ones from evil and wicked OU:
$goodOU = $computers| ? {
  $_.DistinguishedName -notlike "*ou=evil,*" -and $_.DistinguishedName -notlike "*ou=wicked,*"

}

Related questions

Get-Aduser -Filter will not accept a variable

I'd like to check if a user account already exists in the system. $SamAc = Read-Host 'What is your username?' $User = Get-ADUser -Filter {sAMAccountName -eq "$SamAc"} I'm not sure why, but $User will always return null even if {sAMAccountName -eq "$…

Read More
How to get all groups that a user is a member of?

PowerShell's Get-ADGroupMember cmdlet returns members of a specific group. Is there a cmdlet or property to get all the groups that a particular user is a member of? I fixed my mistake: Get-Member should be Get-ADGroupMember.

Read More
Powershell script to see currently logged in users (domain and machine) + status (active, idle, away)

I am searching for a simple command to see logged on users on server. I know this one : Get-WmiObject -Class win32_computersystem but this will not provide me the info I need. It returns : domain Manufactureer Model Name (Machine name) …

Read More