PowerShell AD cheatsheet

This post contains various powershell commands which are helpful to maintain and auditing Windows Active Directory

Get list of all inactive computers in AD (180 days without logon events)

Search-ADaccount -ComputersOnly -AccountInactive -Timespan 180

the command above will include disabled computer. If you want to get only enabled computers objects, you can use a filter.

Search-ADaccount -ComputersOnly -AccountInactive -Timespan 180 | -Filter {Enabled -eq $true}


if you want to ouput in more readeable format like csv, you can easily do it.

Search-ADaccount -ComputersOnly -AccountInactive -Timespan 180 -Export-Csv -Path myfile.csv | -Filter {Enabled -eq $true} 

Get all members of a specific AD group (LS-FLT-US-DEMO-GRP)

Get-ADGroupMember -Identity "LS-FLT-US-DEMO-GRP"


