PowerShell AD cheatsheet

This post contains various powershell commands which are helpful to maintain and auditing Windows Active Directory

Get list of all inactive computers in AD (180 days without logon events)

Search-ADaccount -ComputersOnly -AccountInactive -Timespan 180

the command above will include disabled computer. If you want to get only enabled computers objects, you can use a filter.

Search-ADaccount -ComputersOnly -AccountInactive -Timespan 180 | -Filter {Enabled -eq $true}


if you want to ouput in more readeable format like csv, you can easily do it.

Search-ADaccount -ComputersOnly -AccountInactive -Timespan 180 -Export-Csv -Path myfile.csv | -Filter {Enabled -eq $true} 

Get all members of a specific AD group (LS-FLT-US-DEMO-GRP)

Get-ADGroupMember -Identity "LS-FLT-US-DEMO-GRP"


Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.