Here’s a quick workaround for the lack of -Enabled switch for Get-QADComputer. Unlike Get-QADUser it does not currently have the switch, however, so these two oneliners will come handy should you want to efficiently filter computers by their enabled/disabled status

Script (with Quest Active Directory module) :

# Only disabled computer accounts
Get-QADComputer -ldapFilter ‘(userAccountControl:1.2.840.113556.1.4.803:=2)’

# Only enabled computer accounts
Get-QADComputer -ldapFilter ‘(!(userAccountControl:1.2.840.113556.1.4.803:=2))’

Script (with Microsoft Active Directory module loaded : import-module activedirectory) :

# Only disabled computer accounts
get-adcomputer -ldapfilter "(userAccountControl:1.2.840.113556.1.4.803:=2)"
# Only enabled computer accounts
get-adcomputer -ldapfilter "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"

Reference

Get-ADComputer
Syntax

Get-ADComputer -Filter  [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope { |  | }] [-AuthType { | }] [-Credential ] [-Partition ] [-Properties ] [-Server ] []
  • Filter
  • ResultPageSize
  • ResultSetSize
  • SearchBase
  • SearchScope
  • AuthType
  • Credential
  • Partition
  • Properties
  • Server
Get-ADComputer [-Identity]  [-AuthType { | }] [-Credential ] [-Partition ] [-Properties ] [-Server ] []
  • Identity
  • AuthType
  • Credential
  • Partition
  • Properties
  • Server
Get-ADComputer -LDAPFilter  [-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope { |  | }] [-AuthType { | }] [-Credential ] [-Partition ] [-Properties ] [-Server ] []
  • LDAPFilter
  • ResultPageSize
  • ResultSetSize
  • SearchBase
  • SearchScope
  • AuthType
  • Credential
  • Partition
  • Properties
  • Server

Detailed Description
The Get-ADComputer cmdlet gets a computer or performs a search to retrieve multiple computers.

The Identity parameter specifies the Active Directory computer to retrieve. You can identify a computer by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the parameter to a computer object variable, such as $ or pass a computer object through the pipeline to the Identity parameter.

To search for and retrieve more than one computer, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, see about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter.

This cmdlet retrieves a default set of computer object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for computer objects, see the Properties parameter description.

<>

My Powershell script categories

Get Enabled or Disabled Computer Accounts

Leave a Reply

Your email address will not be published.