Power Shell to retireve information from AD

Hi, I am trying to write two powershell scripts against Active Directory, first one will be to .... Gets time stamps for all computers in the domain that have NOT logged in for last 90 days....and export them into csv file...for both windows and MAC computers....
Second Script would be to export computers in a particular group, and only list them if they have been active in the last 90 days......
LVL 8
LeoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dan McFaddenSystems EngineerCommented:
No need for a PS script, its really only 2 commands, 1 to generate each file.  You could drop them in a script if needed.  The commands are:

1. All computers that have not logged on for more than 90 days:

Get-ADComputer -Filter * -Property Name, lastLogonDate | where lastLogonDate -lt (Get-Date).AddDays(-90) | select Name,lastLogonDate,DistinguishedName,Enabled | sort lastLogonDate  | Export-Csv InActiveComputers-90DaysOrMore.csv -noTypeInformation

Open in new window


2. Active computers in the last 90 days, in a specific group (OU):

Get-ADComputer -Filter * -SearchBase "OU=<Path-To-Your-Group-OU>,DC=<YourDomainName>,DC=<YourExtension>" -Property Name, lastLogonDate | where lastLogonDate -ge (Get-Date).AddDays(-90) | select Name,lastLogonDate,DistinguishedName,Enabled | sort lastLogonDate  | Export-Csv ActiveComputers-Last90Days.csv -noTypeInformation

Open in new window


On the 2nd command, you will have to customize the -SearchBase option in order to account for your AD structure.

Dan
0
LeoAuthor Commented:
Thanks, would these commands will generate information for mac/linux/ubuntu computers as well?
0
Dan McFaddenSystems EngineerCommented:
If it is in Active Directory, then it should find the objects.  Since I don't have any MACs or Linux objects in the directory which I support, I can not give you a definitive "yes" answer.

Dan
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

LeoAuthor Commented:
When i run the first powershell command, i am getting this error....

Export-Csv : Cannot bind parameter 'Delimiter'. Cannot convert value
"InActiveComputers-90DaysOrMore.csv" to type "System.Char". Error: "String
must be exactly one character long."
At line:1 char:225
+ ... ecomputers.csv InActiveComputers-90DaysOrMore.csv -noTypeInformation
+                    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Export-Csv], ParameterBind
   ingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerSh
   ell.Commands.ExportCsvCommand


What its saying Export-csv in invalid parameter? i am trying to export it to C:\TEMP\Inactivecomputers.csv
0
LeoAuthor Commented:
Apologies, i was able to run it and export it....
there is a column of "Enabled", and it says True and False, what does that represent?
0
LeoAuthor Commented:
can you please guide me to write a powershell script which can generate list of computer from inside security group in OU......your second script.... I dont know how to pass parameter to list computers inside a security group....

Get-ADComputer -Filter * -SearchBase " OU=Corporate,OU=Groups,OU=Computers,OU=Domain,DC=domain,DC=lan" -Property Name, lastLogonDate | where lastLogonDate -ge (Get-Date).AddDays(-90) | select Name,lastLogonDate,DistinguishedName,Enabled | sort lastLogonDate  | Export-Csv C:\TEMP\ActiveComputers-Last90Days.csv -noTypeInformation.

So there are few Security groups from which i want to pull up list of computers, one by one, so if i want to define a security group inside Corporate, lets say IT, how should i define it?
0
Dan McFaddenSystems EngineerCommented:
You can disable objects accounts in AD, this field represents whether or not the object is disabled/deactivated.

Enabled = True means not "disabled"

Right clicking on an object in ADUC, gives you the option to "Disable Account"

Dan
0
LeoAuthor Commented:
Thanks....
What about my second question?  Powershell command to list computer inside security group?
0
Dan McFaddenSystems EngineerCommented:
You can use Get-ADGroupMember.  For example:

Get-ADGroupMember "<YourGroupName>" | select name

Open in new window


Will return all members in that group.  You could then pipe the output of this command into a text file, like so:

Get-ADGroupMember "<YourGroupName>"  | select name | select -ExpandProperty Name | Out-File c:\test\group-members.txt

Open in new window


Then use the output file as an input file for the first command.  Like so:

Get-Content c:\test\group-members.txt | Get-ADComputer -Property Name, lastLogonDate | where lastLogonDate -lt (Get-Date).AddDays(-90) | select Name,lastLogonDate,DistinguishedName,Enabled | sort lastLogonDate  | Export-Csv c:\test\InActiveComputers-90DaysOrMore.csv -noTypeInformation

Open in new window


Dan
0
Dan McFaddenSystems EngineerCommented:
You could put the second and third commands in a powershell script file and run that script when ever you need to.
0
LeoAuthor Commented:
so the command "Get-ADGroupMember "<YourGroupName>" how can i make it work for what i am after? i have to define security group in that....how can i define it? the OU group its located is in;
 OU=Corporate,OU=Groups,OU=Computers,OU=Domain,DC=domain,DC=lan"
thanks.
0
Dan McFaddenSystems EngineerCommented:
When you say "Security Group" I assumed you meant an AD object that was a group, not an AD path.  I wouldn't necessarily define an OU and a group.  So, if you are grouping computers in OUs and want to run a report for objects in that OU, then take the second command in my first post and replace the SearchBase item with this:

 -SearchBase "OU=<Path-To-Your-Group-OU>,DC=<YourDomainName>,DC=<YourExtension>" 

Open in new window


With the OU path to your "group."  That would look like:

 -SearchBase "OU=Corporate,OU=Groups,OU=Computers,OU=Domain,DC=domain,DC=lan" 

Open in new window


Dan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LeoAuthor Commented:
Sorry about all the confusion, i have uploaded the picture of our AD....now if you look at it, the computer list i am trying to generate is in ITS_PCs...how can i  write a powershell script to generate list of the PCs from this security group?
AD.jpg
0
Dan McFaddenSystems EngineerCommented:
Use Get-ADGroupMember

 Get-ADGroupMember "ITS_PCs"  | select name | select -ExpandProperty Name | Out-File c:\test\group-members.txt 

Open in new window


This generates a list of the members in that group.
0
LeoAuthor Commented:
so i dont have to define the whole path? i.e;
OU=Corporate,OU=Groups,OU=Computers,OU=Domain,DC=domain,DC=lan" ?
0
Dan McFaddenSystems EngineerCommented:
No.
0
Dan McFaddenSystems EngineerCommented:
I suggest just running the command I posted at 16:12 and compare the output file to that of the actual group as seen in AD using ADUC.

Dan
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft PowerPoint

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.