How to use Powershell scripts to get AD Computers not in Group A and output list that computer's Distinguished Name and Description?
Get AD Computers not in Group A and output list that computer's Distinguished Name and Description
Quick and dirty.
This uses the memberOf attribute on the computer object and then filters client side (Where-Object) for those that aren't in the group.
I recommend setting the searchbase and using the distinguishedName for the group.
Get-ADComputer -Filter * -SearchBase "OU=Computers,OU=xxx,DC=xxx,DC=yyy,DC=zzz" -Properties MemberOf, Description |
Where-Object {"CN=groupA,OU=Groups,OU=xxx,OU=xxx,DC=xxx,DC=yyy,DC=zzz" -NotIn $_.memberof}
| Select distinguishedName, Description
Hi YanJayden-2649,
Try this method:
Grab the computer names from the first security group
$group1 = Get-ADGroup -Identity 'Every Day WSUS 3am Install'
$group2 = Get-ADGroup -Identity 'Every Day WSUS 6am Install'
grab all computer obejects that are servers from AD and list the names not found in either security group
Get-ADComputer -LDAPFilter "(&(objectcategory=computer)(OperatingSystem=*server*))"
-Properties MemberOf |
Where-Object {
( $.MemberOf -notcontains $Group1.DistinguishedName ) -and
( $.MemberOf -notcontains $Group2.DistinguishedName )
} |
Select-Object -ExpandProperty Name
--If the reply is helpful, please Upvote and Accept as answer--
Not fully understanding this addition to an answered question.
Your ldapfilter is only going to return server operating systems. (I can't see this in the original posters requirements).
Your where-object is client side filtering on two groups, which I also can't see requested in the original requirements.
Your final select-object is only showing name, where the poster requested DisplayName and Description.
I'm wondering if this answer was meant for another thread.
26 people are following this question.
