Automating repetitive tasks in IT environments can greatly enhance productivity and reduce the risk of human error. In Active Directory (AD), one powerful tool for automation is the PowerShell cmdlet Get-ADComputer. This cmdlet allows system administrators to retrieve and manipulate computer accounts within a domain. Whether you’re managing hundreds or thousands of machines, mastering Get-ADComputer is an essential skill for any Windows administrator.
Understanding Get-ADComputer
The Get-ADComputer cmdlet is part of the ActiveDirectory PowerShell module, which is included with the Remote Server Administration Tools (RSAT). It provides a way to query computer objects from AD and extract valuable information like operating systems, last logon time, and organizational unit (OU) location.
Before you can use Get-ADComputer, make sure you have RSAT installed and imported using the command:
Import-Module ActiveDirectoryOnce loaded, you can start querying computers. For example, to get all computers in your domain:
Get-ADComputer -Filter *Common Use Cases for Get-ADComputer
Here are several real-world examples where Get-ADComputer can be a valuable asset in automation:
- Inventory Management – Generate reports on all computers, including OS version, last logon times, and OS architecture.
- Cleanup Scripts – Identify stale or decommissioned computers that haven’t logged on in a long time.
- OU Cleanup – Detect improperly placed computer objects within Active Directory.
- Security Audits – Find computers missing required naming conventions or group memberships.
Filtering and Selecting Properties
One of the most powerful aspects of Get-ADComputer is its ability to filter and return specific data points.
Example: Find all Windows 10 machines
Get-ADComputer -Filter "OperatingSystem -like '*Windows 10*'" -Properties OperatingSystem | Select-Object Name, OperatingSystemYou can also filter based on the time since last logon. To find inactive computers, try:
Example: Machines not used in the last 90 days
$date = (Get-Date).AddDays(-90)
Get-ADComputer -Filter * -Properties LastLogonDate |
Where-Object { $_.LastLogonDate -lt $date } |
Select-Object Name, LastLogonDate
Exporting Data for Reporting
Once you’ve queried the data you need, you can easily export it to a CSV for use in reports or audits:
Get-ADComputer -Filter * -Properties Name, OperatingSystem, LastLogonDate |
Select-Object Name, OperatingSystem, LastLogonDate |
Export-Csv -Path "ADComputersReport.csv" -NoTypeInformationThese types of automated reports can be regularly scheduled using Task Scheduler or a provisioning pipeline to ensure that your IT team always has up-to-date insights.
Scripting with Get-ADComputer
Integrating Get-ADComputer into your PowerShell scripts further amplifies its value. Consider creating scripts that run daily or weekly to:
- Auto-tag inactive devices for review
- Move computers to correct OUs based on naming convention
- Email administrators if new non-compliant devices appear
For instance, to move lab PCs into a specific OU based on naming pattern:
Get-ADComputer -Filter "Name -like 'LAB-*'" | ForEach-Object {
Move-ADObject -Identity $_.DistinguishedName -TargetPath "OU=LabComputers,DC=example,DC=com"
}Best Practices and Tips
To get the most out of Get-ADComputer, keep these best practices in mind:
- Always use the -Properties parameter to access extended attributes like LastLogonDate or OperatingSystem.
- Combine it with other cmdlets like Select-Object, Where-Object, and Export-Csv for full automation workflows.
- Test your queries on a limited scope before applying them to the entire domain.
Conclusion
PowerShell’s Get-ADComputer is a versatile and powerful tool for Active Directory automation tasks. By learning how to filter, manipulate, and export data from your AD environment, you can simplify complex administrative tasks, improve security posture, and increase operational efficiency. Whether you’re working on asset management, security audits, or OU optimization, Get-ADComputer should be one of the top tools in your scripting toolkit.