Get a list of workstations in Active Directory

There’s really not a lot to this script, but with what I was trying to do I thought this was actually kind of a cool trick.

What I was trying to do was get a list of all computers in AD with desktop operating systems. Yes, this is part of the migration series we’ve been doing, because as it turns out random people have random other desktops sitting under their desk. 🙂

In addition to just pulling the computer objects I also wanted a list of the OS installed and the IP address they had registered in DNS. As you know, AD does not store the IP by itself, so since I wanted this all saved to just one array it required a little bit of trickery.

The first thing we want to do is the actual get-qadcomputer from AD, which is fairly straightforward. Then we want to pipe that to a where clause and filter on the operating system we want. Then save that to an array.

$b=get-qadcomputer -includedproperties operatingsystem,lastlogontimestamp|where-object {$_.operatingsystem -notlike '*Server*' -and $_.operatingsystem -notlike $Null -and $_.operatingsystem -notlike '*ontap*'}

This next line is where the actual “trick” comes in. I was tickled pink by the ease of doing this after all the issues I was having with adding IP to the results above. The key was to set a new array (or the same one) and just select the attributes I want. In this case, name, operatingsystem, and lastlogontimestamp. I wanted the timestamp so that I could see the last time the machine had booted on the network. Then the real key is I also told it to select the attribute ipaddress. This attribute doesn’t actually exist in the above array, but because I’m selecting it here, select creates it as an empty property (a new column) on every object in the new array.

$b=$b|select name,operatingsystem,lastlogontimestamp,ipaddress

Then in the next section I’m executing a flushdns at the OS level and creating a new array. The new array just keeps track of the machines whose names don’t resolve (the ones we can’t ping). For the purposes of this script it’s really not used. So then we go through each item in $b, reset some variables, then call .NET’s [System.Net.Dns]::GetHostAddresses to do a DNS lookup on the computer name. If it gets a result, it adds that IP address back into the original array. Then we just output the array.

& ipconfig /flushdns
$NoPing=@()

foreach ($item in $b){
	$c=$item.name
	$a=$null
	$a=[System.Net.Dns]::GetHostAddresses($c)
	if (!$a){$NoPing+=$c}
	else {
		$item.ipaddress=$a
	}
}

And here it is all together. You can do whatever you want with the results.

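# Suppress the error GetHostAddresses raises for names that don't resolve
$erroractionpreference="silentlycontinue"
# Pull every computer object, then keep only the non-server, non-NetApp ones that report an OS
$b=get-qadcomputer -includedproperties operatingsystem,lastlogontimestamp|where-object {$_.operatingsystem -notlike '*Server*' -and $_.operatingsystem -notlike $Null -and $_.operatingsystem -notlike '*ontap*'}

# Selecting ipaddress adds it as an empty property on each object
$b=$b|select name,operatingsystem,lastlogontimestamp,ipaddress

# Clear the local resolver cache so the lookups below are fresh
& ipconfig /flushdns
$NoPing=@()

foreach ($item in $b){
	$c=$item.name
	$a=$null
	# Returns an array of IPAddress objects; stays $null if the lookup fails
	$a=[System.Net.Dns]::GetHostAddresses($c)
	if (!$a){$NoPing+=$c}
	else {
		$item.ipaddress=$a
	}
}

$b|ft name, operatingsystem,lastlogontimestamp,ipaddress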
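
The same inventory done in one pass, as an added example that is not the original script: it uses the ActiveDirectory module (the one loaded in the next post) instead of the Quest cmdlets and fills the IP column with a calculated property. The function name Resolve-HostIPv4, the 90-day stale threshold and the output file name are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory

# Assumption: no domain logon in 90 days marks a machine as stale.
$staleAfter = (Get-Date).AddDays(-90)

# Hypothetical helper: returns the IPv4 addresses registered in DNS, or $null.
function Resolve-HostIPv4 {
    param([string]$Name)
    try {
        # GetHostAddresses throws a SocketException when the name does not resolve.
        $addrs = [System.Net.Dns]::GetHostAddresses($Name) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' }
        return ($addrs | ForEach-Object { $_.IPAddressToString }) -join ';'
    }
    catch {
        return $null
    }
}

# Filter on the domain controller instead of pulling every computer object.
# "-like '*'" keeps only objects that actually have an operating system set.
$filter = "OperatingSystem -like '*' -and OperatingSystem -notlike '*Server*' " +
          "-and OperatingSystem -notlike '*ontap*'"

# LastLogonDate is lastLogonTimestamp converted to a DateTime. The attribute is
# only replicated every 9 to 14 days by default, so treat it as approximate.
$workstations = Get-ADComputer -Filter $filter -Properties OperatingSystem, LastLogonDate |
    Select-Object Name, OperatingSystem, LastLogonDate,
        @{ Name = 'IPAddress'; Expression = { Resolve-HostIPv4 $_.Name } },
        @{ Name = 'Stale'; Expression = {
            -not $_.LastLogonDate -or $_.LastLogonDate -lt $staleAfter } }

# Machines with an AD account but no DNS record (the $NoPing list above).
$noDns = $workstations | Where-Object { -not $_.IPAddress }
Write-Host ("{0} workstation accounts, {1} without a DNS record" -f `
    @($workstations).Count, @($noDns).Count)

# Recently active machines first; stale ones are candidates for review.
$workstations | Sort-Object Stale, Name |
    Export-Csv -Path .\workstations.csv -NoTypeInformation
```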

Quicktip: Powershell script to enable all computers on a domain

This is a very specific script I had to write, so it probably won’t ever apply to you in any situation, but it had some cool stuff in it so I thought I’d post it.

For a DR exercise I had to write a script that would go through the entire AD domain and enable any computer object that was in the input CSV file. It’s a long story for why this was necessary, but suffice it to say that part of our deployment exercise would randomly disable some computer objects (mainly Windows 2003 servers).

Most of the script is error-checking: handling the case where it couldn’t find the computer object at all, and making sure that if the object was already enabled we didn’t touch it at all. The real meat is in the line:

set-adcomputer $compobj.name -enabled $true

Essentially what this line does is take the name from the current row of the array pulled in from the CSV and set that computer object to enabled. It’s actually a super easy command that took me a while to find. But here it is for you!

The rest of the code:

import-module activedirectory
# Suppress the error get-adcomputer raises when the object is not found
$erroractionpreference = "SilentlyContinue"
# The CSV needs a "name" column holding the computer names
$computerobjects = import-csv c:\file.csv

foreach ($compobj in $computerobjects){
	$adcompobj = $null
	$adcompobj = get-adcomputer $compobj.name
	if ($adcompobj) {
		# Only touch objects that are currently disabled
		if (!$adcompobj.enabled) {
			set-adcomputer $compobj.name -enabled $true
			write-host $compobj.name " was disabled. Set to enabled." -foregroundcolor yellow
		}
		else {
			write-host $compobj.name " was already enabled. Ignoring." -foregroundcolor green
		}
	}
	else {
		write-host "There was an error connecting to " $compobj.name " or it doesn't exist on the domain." -foregroundcolor red
	}
}
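
A variant of the script above that keeps a record of what it changed, as an added example that is not the original code: it separates "not found" from other failures instead of silencing all errors, supports a dry run, and writes an audit CSV. The -DryRun switch, the status labels and the audit file path are assumptions made for illustration.

```powershell
param(
    [string]$CsvPath   = 'c:\file.csv',
    [string]$AuditPath = '.\enable-audit.csv',   # hypothetical output path
    [switch]$DryRun                               # report only, change nothing
)

Import-Module ActiveDirectory

$audit = foreach ($compobj in Import-Csv $CsvPath) {
    $status = 'Unknown'
    try {
        # -ErrorAction Stop turns lookup failures into exceptions we can classify.
        $adcompobj = Get-ADComputer -Identity $compobj.name -ErrorAction Stop

        if ($adcompobj.Enabled) {
            $status = 'AlreadyEnabled'
        }
        else {
            # -WhatIf:$DryRun makes Set-ADComputer a no-op when -DryRun is given.
            Set-ADComputer -Identity $adcompobj -Enabled $true `
                -ErrorAction Stop -WhatIf:$DryRun
            $status = if ($DryRun) { 'WouldEnable' } else { 'Enabled' }
        }
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        $status = 'NotFound'
    }
    catch {
        # Permission problems, unreachable domain controller, and so on.
        $status = "Error: $($_.Exception.Message)"
    }

    # One row per input name, so every change is traceable afterwards.
    [pscustomobject]@{
        Name      = $compobj.name
        Status    = $status
        Operator  = $env:USERNAME
        Timestamp = (Get-Date).ToString('s')
    }
}

$audit | Export-Csv -Path $AuditPath -NoTypeInformation
$audit | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
```

Running it once with -DryRun and reading the audit file before the real run shows exactly which accounts would be re-enabled.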