Organizations that use Active Directory must maintain it regularly. Additionally, this maintenance is incomplete unless administrators know how to identify disabled computers in Active Directory.
Why Should You Identify Old Computers in Active Directory?
Some of the most frequent reasons are:
Enhance Efficiency: Old, unused computers can slow down the system. By finding and removing these inactive computers, admins can speed up performance and make daily tasks run more smoothly.
Strengthen Security: Having fewer vulnerable devices means there's less chance for attackers to find weak spots, which makes the organization’s security stronger.
Allow Auditing: Organizations frequently face compliance checks. If discover many inactive computers during these checks, it could raise concerns. To avoid potential legal issues, administrators should locate and address these inactive computers in advance.
How to get a list of disabled computers in Active Directory using Powershell?
Use the following command to obtain a list of disabled computers:
PS C:\ > Get-ADComputer -Filter "Enabled -eq 'false'" | select Name, Enabled
How to get a list of disabled computers from the specific OU in Active Directory?
Use the following command to retrieve a list of disabled computers from the specific OU:
PS C:\ > Get-ADComputer -Filter {Enabled -eq $false} -SearchBase "OU=Workstations,DC=example,DC=com" | Select-Object Name, Enabled
Explanation:
Get-ADComputer: Retrieves computer objects from Active Directory.
-Filter {Enabled -eq $false}: Filters the results to show only computers where the Enabled attribute is False (i.e., disabled).
-SearchBase "OU=Workstations,DC=example,DC=com": Specifies the OU where you want to search. Replace this with the DN of your desired OU.
Select-Object Name, Enabled: Selects and displays the Name and Enabled properties for each computer.
To export the result to a CSV File:
PS C:\ > Get-ADComputer -Filter {Enabled -eq $false} -SearchBase "OU=Workstations,DC=example,DC=com" | Select-Object Name, Enabled | Export-Csv -Path "C:\Reports\DisabledComputersInOU.csv" -NoTypeInformation
Conclusion:
In this article, you have learned how to retrieve a list of disabled computers in Active Directory using PowerShell. This knowledge helps administrators efficiently manage and clean up inactive computer accounts, improving both performance and security within the network.