Utilizing the power of Active Directory module for PowerShell to accomplish tasks fast and easy

I was working with a customer , who requested for an easy way to do the following two tasks :

1. Identify all the installed operating system versions and their current service packs for all computers in his company’s Active Directory Domain.
2. List all disabled computers accounts all over the domain and move them to a designed OU for review prior deletion

As his Active Directory is hosted by Windows Server 2008 R2 domain controllers I advised him to utilize the capabilities of Windows PowerShell with Active Directory module , as follow :

First of all , let’s list all available modules for Windows PowerShell , then import the one for Active Directory by executing the following commands at an elevated Windows PowerShell window :

Get-Module –ListAvailable

Import-Module ActiveDirectory

Once the module is imported , you can start to execute all commands related to Active Directory objects . Update : for PowerShell 3.0 “Preinstalled with Windows Server 2012” the right module is automatically imported – if available – when executing a relative to the module command(s)

First task

It can accomplish by executing the following command :

Get-ADComputer –Filter * –Properties * | Select Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | ft –Warp –AutoSize

This commands queries for all computers within the Active Directory domain and listing the values for their related properties ( attributes ) , and finally arrange them in a table-like view :

• Name : Hostname of the computer ( AD computer account name )
• OperatingSystem : The edition of the deployed on the computer OS , for example “Windows Server 2008 R2 Enterprise”
• OperatingSystemServicePack :The deployed service pack on the current installed operating system
• OperatingSystemVersion : The version and build for the currently installed OS on the computer

Note : I used Select to filter the required attributes that retrieved with the Get-ADComputer –Filter * –Properties * , which can be used to retrieve all properties related to all PCs within your Active Directory.

Second task

It can accomplish it by executing the following commands :

• To list all computers with disable accounts by name and last logon date, execute the following :

Get-ADAccount –ComputersOnly –AccountDisabled | Select Name,LastLogonDate

• To issue move for all disable computers accounts to a specified OU , execute the following :

Get-ADAccount –ComputersOnly –AccountDisabled | Move-ADObject –TargetPath “Designated OU Distinguished Name”

And voila , here is the account after being moved