Query AD for Windows XP SP Level
This is as much a learning question as it is a pressing, both in equal measures. I need to poll our AD to determine what computers are running Windows XP and what service pack level they are at (none, 1, 2, or 3). I would like to do this with PowerShell, but I am open to any method which will get me quick results. I need to make sure that the query has computer name, OS with SP level, OU location, last logon, and status (active or disabled).
Thanks in advance!
Justin
Thanks in advance!
Justin
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hey Justin, Mike :)
With PowerShell, using Quest's CmdLets and I can't test this, so two versions to check:
Get-QADComputer | Select-Object Name, operatingSystem operatingSystemServicePack
@{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }}
And the "hmm perhaps" version:
Get-QADComputer -IncludedProperties operatingSystemServicePack
Select-Object Name, operatingSystem operatingSystemServicePack
@{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }}
Because I can't quite remember what Get-QADComputer returns and AD is far far away at the moment.
HTH
Chris
With PowerShell, using Quest's CmdLets and I can't test this, so two versions to check:
Get-QADComputer | Select-Object Name, operatingSystem operatingSystemServicePack
@{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }}
And the "hmm perhaps" version:
Get-QADComputer -IncludedProperties operatingSystemServicePack
Select-Object Name, operatingSystem operatingSystemServicePack
@{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }}
Because I can't quite remember what Get-QADComputer returns and AD is far far away at the moment.
HTH
Chris
...and I knew Chris would come through with powershell as he always does. Thanks Chris
...MVP review board are you taking note :)
Thanks
Mike
...MVP review board are you taking note :)
Thanks
Mike
ASKER
I am probably missing the obvious, Chris.
I downloaded and (supposedly) Quests's CmdLets, but I still get that cmdlet is not recognized....
I downloaded and (supposedly) Quests's CmdLets, but I still get that cmdlet is not recognized....
You can add the Quest snapin
add-PSSnapin quest.activeroles.admanage
or you should be able to go to start > Programs > Quest Software open the shell there which should include the snapin.
Thanks
Mike
add-PSSnapin quest.activeroles.admanage
or you should be able to go to start > Programs > Quest Software open the shell there which should include the snapin.
Thanks
Mike
ASKER
Mike, thanks for the heads up on that. Foolishly I thought that installing it would make them availible in the regular PS window... Silly me....
Chris, I have attached the output of both of those commands in the Code box below.
Cheers,
Justin
Chris, I have attached the output of both of those commands in the Code box below.
Cheers,
Justin
PS H:\> Get-QADComputer | Select-Object Name, operatingSystem operatingSystemServicePack, `
>> @{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }}
>>
Select-Object : A positional parameter cannot be found that accepts argument 'System.Object[]'.
At line:1 char:32
+ Get-QADComputer | Select-Object <<<< Name, operatingSystem operatingSystemServicePack, `
+ CategoryInfo : InvalidArgument: (:) [Select-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand
PS H:\> Get-QADComputer -IncludedProperties operatingSystemServicePack | `
>> Select-Object Name, operatingSystem operatingSystemServicePack, `
>> @{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }}
>>
Select-Object : A positional parameter cannot be found that accepts argument 'System.Object[]'.
At line:2 char:16
+ Select-Object <<<< Name, operatingSystem operatingSystemServicePack, `
+ CategoryInfo : InvalidArgument: (:) [Select-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SelectObjectCommandOkay I didn't expect that error...
Could you try just this?
Get-QADComputer | Select-Object Name, operatingSystem operatingSystemServicePack
No lines to contend with :)
Chris
ASKER
Chris,
See below....
See below....
PS H:\> Get-QADComputer | Select-Object Name, operatingSystem operatingSystemServicePack
Select-Object : A positional parameter cannot be found that accepts argument 'operatingSystemServicePack'.
At line:1 char:32
+ Get-QADComputer | Select-Object <<<< Name, operatingSystem operatingSystemServicePack
+ CategoryInfo : InvalidArgument: (:) [Select-Object], ParameterBindingException
+ FullyQualifiedErrorId : PositionalParameterNotFound,Microsoft.PowerShell.Commands.SelectObjectCommand
Oh damn, sorry I missed a comma between operatingSystem and operatingSystemServicePack
Get-QADComputer | Select-Object Name, operatingSystem, operatingSystemServicePack
@{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }}
Chris
ASKER
Chris,
That was it... It pulled computer name, OS, SP level and Enabled/Disabled status.....
Again, because my PS is not good at all, is there a way to make it only poll for Windows XP machines and ignore all other OSs? Also, I would need to pipe that into a savable file, and not to the screen.....
Cheers,
Justin
That was it... It pulled computer name, OS, SP level and Enabled/Disabled status.....
Again, because my PS is not good at all, is there a way to make it only poll for Windows XP machines and ignore all other OSs? Also, I would need to pipe that into a savable file, and not to the screen.....
Cheers,
Justin
Sure, and no problem :)
Chris
Get-QADComputer -OSName "*XP*" | Select-Object Name, operatingSystem, operatingSystemServicePack, `
@{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }} | `
Export-CSV "SomeFile.csv"
ASKER
Cool... Now, I have over 41,000 Windows XP accounts in AD... I need to bypass the 1000 size limit...
PS H:\> Get-QADComputer -OSName "*XP*" | Select-Object Name, operatingSystem, operatingSystemServicePack, `
>> @{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }} | `
>> Export-CSV "h:\new_computer_test.csv"
>>
WARNING: This search was configured to retrieve only the first 1000 results. To retrieve more results, increase the
size limit using the -SizeLimit parameter or set the default size limit using Set-QADPSSnapinSettings with the
-DefaultSizeLimit parameter. Use 0 as the value of size limit to retrieve all possible search results.
Setting SizeLimit to 0 should have it return everything.
That's quite a lot, we have to hope they made Get-QADComputer more efficient than System.DirectoryServices. So, fingers crossed and watch your system RAM.
Chris
Get-QADComputer -OSName "*XP*" -SizeLimit 0 | Select-Object Name, operatingSystem, operatingSystemServicePack, `
@{n='Enabled';e={ if ($_.UserAccountControl -BAnd 2) { $False } Else { $True } }} | `
Export-CSV "SomeFile.csv"
ASKER
Chris, that got it, but I just noticed it didn't have last logon included.... I checked the get-help on that cmdlet, and it does't seem to have that as a built in variable. Any and all guideance is appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
41,000 XP machines, big environment. Another tool may help you is old computer by Joe Richards
http://www.joeware.net/freetools/tools/oldcmp/index.htm
Really good for getting rid of old boxes. We disable at 120 days and delete after 180 days.
Thanks
Mike
http://www.joeware.net/freetools/tools/oldcmp/index.htm
Really good for getting rid of old boxes. We disable at 120 days and delete after 180 days.
Thanks
Mike
ASKER
Mike,
You have no idea... 75% of our computers have already been migrated to Vista. Deleting old computer accounts is outside the scope of the contract at the moment, so it is not an option, though I would desperately love for it to be. Is there a switch in ADFind which also displays enabled/disabled status? It would be nice to have two different reports to compare.
Cheers,
Justin
You have no idea... 75% of our computers have already been migrated to Vista. Deleting old computer accounts is outside the scope of the contract at the moment, so it is not an option, though I would desperately love for it to be. Is there a switch in ADFind which also displays enabled/disabled status? It would be nice to have two different reports to compare.
Cheers,
Justin
ASKER
Chris,
That last Query yielded the exact results I was seeking. I will be closing the Question, but I am still looking forward to Mike's input on ADFind.
Cheers,
Justin
That last Query yielded the exact results I was seeking. I will be closing the Question, but I am still looking forward to Mike's input on ADFind.
Cheers,
Justin
ASKER
As always, you come up with fast answers, and for that I am grateful. That particular query worked like a charm, minus it does not tell me the enabled/disabled status of the computer account.
I will be keeping this open, hoping for two things:
- A way to display the enabled/disabled status (necessity) -and-
- The same thing through PowerShell (preferred but not required)
Yes, I know that is probably reinventing the wheel, but I do also want to look at this as a learning opportunity.Cheers,
Justin