You can list the Active Directory computer accounts and check their status (enabled or disabled objects) in different ways.
-
First method with the Get-ADComputer cmdlet
Script (with Microsoft Active Directory module loaded : import-module activedirectory) :
Only disabled computer accountsget-adcomputer -ldapfilter "(userAccountControl:1.2.840.113556.1.4.803:=2)"
Only enabled computer accounts
get-adcomputer -ldapfilter "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"
-
Second method with the Search-ADAccount cmdlet
Script (with Microsoft Active Directory module loaded : import-module activedirectory) :
Only disabled computer accountsSearch-ADAccount -searchbase "CN=Computers,DC=domain,DC=local" -ComputersOnly -AccountDisabled
-
Third method with the Get-ADObject cmdlet
Only disabled computer accounts
Get-ADObject -searchbase "CN=Computers,DC=domain,DC=local" -ldapfilter "(&(objectclass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2))"
Only enabled computer accounts
Get-ADObject -searchbase "CN=Computers,DC=domain,DC=local" -ldapfilter "(&(objectclass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"
Reference
Get-ADComputer
Syntax
Get-ADComputer -Filter[-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope { | | }] [-AuthType { | }] [-Credential ] [-Partition ] [-Properties ] [-Server ] [ ]
- Filter
- ResultPageSize
- ResultSetSize
- SearchBase
- SearchScope
- AuthType
- Credential
- Partition
- Properties
- Server
Get-ADComputer [-Identity][-AuthType { | }] [-Credential ] [-Partition ] [-Properties ] [-Server ] [ ]
- Identity
- AuthType
- Credential
- Partition
- Properties
- Server
Get-ADComputer -LDAPFilter[-ResultPageSize ] [-ResultSetSize ] [-SearchBase ] [-SearchScope { | | }] [-AuthType { | }] [-Credential ] [-Partition ] [-Properties ] [-Server ] [ ]
- LDAPFilter
- ResultPageSize
- ResultSetSize
- SearchBase
- SearchScope
- AuthType
- Credential
- Partition
- Properties
- Server
Detailed Description
The Get-ADComputer cmdlet gets a computer or performs a search to retrieve multiple computers.
The Identity parameter specifies the Active Directory computer to retrieve. You can identify a computer by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the parameter to a computer object variable, such as $
To search for and retrieve more than one computer, use the Filter or LDAPFilter parameters. The Filter parameter uses the PowerShell Expression Language to write query strings for Active Directory. PowerShell Expression Language syntax provides rich type conversion support for value types received by the Filter parameter. For more information about the Filter parameter syntax, see about_ActiveDirectory_Filter. If you have existing LDAP query strings, you can use the LDAPFilter parameter.
This cmdlet retrieves a default set of computer object properties. To retrieve additional properties use the Properties parameter. For more information about the how to determine the properties for computer objects, see the Properties parameter description.