Tuesday, December 27, 2011

Active Directory Power Shell best commond for Admins (All About Computer Objects)

AD-Powershell for Active Directory Administrators


Computer object commands

List all computer accounts in a domain

Get-ADComputer –Filter {Name –Like "*"}

View all computers that are logged in for 90 days to the Active Directory

Search-ADaccount -AccountInactive -Timespan 90 -ComputersOnly

OR

$lastLogon = (get-date).adddays(-90).ToFileTime()
Get-ADComputer -filter {lastLogonTimestamp -gt$lastLogon}

Find and delete all disabled Computer accounts in Active Directory

Search-ADAccount -AccountDisabled -ComputersOnly | Sort-Object | Remove-ADComputer

Find and delete disabled computer accounts from a specific OU

Search-ADAccount -AccountDisabled -Searchbase "OU=IT,DC=Contoso,DC=Com" -ComputersOnly | Sort-Object | Remove-ADComputer

Find and delete all computer accounts that no longer have signed up since 11/20/2011 to the Active Directory

Search-ADAccount -AccountInactive -DateTime "20.11.2011" –ComputersOnly | Sort-Object | Remove-ADComputer

Move Computer to other OU (example: Computer=CLIENT1 to OU=IT)

Get-ADComputer CLIENT1 | Move-ADObject -TargetPath "OU=IT,DC=Contoso,DC=Com"

See Computer account detail (example: Computer=CLIENT1)

Get-ADComputer -Filter {Name -Like "CLIENT1"}

Get a specific computer showing all the properties (example: Computer=CLIENT1)

Get-ADComputer "CLIENT1" -Properties *

List Computers (Name, Operating System, Service Pack, Operating System version)

Get-ADComputer -Filter * -Property * | Format-Table Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion -Wrap –Auto

Export Computers List (Name, Operating System, Service Pack, Operating System version)to CSV File

Get-ADComputer -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-CSV AllWindows.csv -NoTypeInformation -Encoding UTF8

Get Computer IPv4 Address and DnsHostName

Get-ADComputer -Filter {Name -Like "Computer-Name"} -Properties IPv4Address | fl Name,DnsHostName,IPv4Address

Get all Computers in a specific OU (example: OU=IT, Domain=Contoso.com)

Get-ADComputer -SearchBase "OU=IT,DC=Contoso,DC=Com" -filter *

Get all the Computers without a specific DNS suffix

Get-ADComputer -filter "DnsHostName -notlike '*.Contoso.Com'"

Get Computer Service Principal Names (SPNs)

Get-ADComputer "Computer-Name" –Properties ServicePrincipalNames | Select-Object –Expand ServicePrincipalNames

Get Computers Security Identifiers (SIDs)

Get-ADComputer -Filter {Name -like "*"} | Select Name, SID | FT -AutoRemove-ADOrganizationalUnit Test -Recursive

All computer accounts that were created in the last 90 days in the Active Directory

Get-ADComputer -Filter * -Properties whenCreated | ? { ((Get-Date) - $_.whenCreated).Days -lt 90} | FT Name,WhenCreated,Name,DistinguishedName -Autosize -Wrap

All computer accounts that were created as of December 1, 2011 (12/01/2011) in the Active Directory

Get-ADComputer -LDAPFilter "(&(objectCategory=person)(whenCreated>=20111201000000.0Z))" -Properties whenCreated | FT Name,whenCreated,distinguishedName -Autosize -Wrap

All computer accounts that were created here in a given time, between the 10/01/2011 and 12/01/2011 in Active Directory

$Start = Get-Date -Day 01 -Month 10 -Year 2011 -Hour 00
$End = Get-Date -Day 01 -Month 12 -Year 2011 -Hour 23 -Minute 59
Get-ADComputer -Filter * -Properties whenCreated | ? { ($_.whenCreated -gt $Start) -and ($_.whenCreated -le $End) } | FT Name,WhenCreated,DistinguishedName -Autosize -Wrap



Organizational Unit (OU) commands

All OUs in Domain

Get-ADOrganizationalUnit -Filter {Name -like „*“} | FT Name, DistinguishedName -A

Contents of a specific OU (example: OU=IT, Domain=Contoso.com)

Get-ADObject -Filter {Name -Like "*"} -Searchbase "OU=IT,DC=Contoso,DC=Com"

Rename OU (example: Old-Name=IT, New-Name=Admin, Domain=Contoso.com)

Rename-ADObject "OU=IT,DC=Contoso,DC=Com" -NewName Admin

Delete OU including contents (example: OU=IT, Domain=Contoso.com)

Remove-ADOrganizationalUnit IT -Recursive

Delete user from specific OU (example: User=EdPrice, OU=IT, Domain=Contoso.com)

Remove-ADObject "CN=EdPrice,OU=IT,DC=Contoso,DC=Com"

Move all objects from one OU to another OU (example: Old-OU=IT, New-OU=Manager, Domain=Contoso.com)

Get-ADObject -Filter {Name -Like "*"} -Searchbase "OU=IT,DC=Contoso,DC=Com" -SearchScope OneLevel | Move-ADObject -TargetPath "OU=Manager,DC=Contoso,DC=Com"