AD Computer scanner with PowerShell for Windows 2003 and up with Gridview

As always; my days get all clogged with things i must do; for instance make an overview of all AD computer objects and sort out all obsolete items.

This can be done in many ways i just opted for the PowerShell way and using the Gridview. this thing is so powerfull out-of-the-box that the script itself remains small.

the output looks like this:

This grid will find: Name, Description, OperatingSystem, Servicepack,Lastlogontimestamp, Creation date, Logoncount and the time a bad password was put in.

The Gridview itself has some powerful filtering options. With the add criteria; filters items can be added. you just have to experiment with the filters to see what they can do.

This script does NOT use the ActiveDirectory PowerShell module. it just finds the AD domain root itself and connects to it with ADSI so this script can be run just about everywhere as long as it is a Windows Domain with PowerShell enabled on the scanning machine, this script, for example, is ideal to scan a Active Directory that is not Domain level 2008 or higher; it also runs good on older 2003 environments.

Please beware; in large environments this script can pull quite some LDAP traffic from a domain controller; it is not BITS enabled and does not use Qos

have fun with it

#####################################################
# Name:           ADComputers Scanner
# Date:           19-9-2013
# Version:        1.0
# Creator:        Bas Huygen
# Changetones:    
#####################################################

#get ADSI information from root domain
$dc=[ADSI]""
$domain=$dc.distinguishedName
$domainexw="LDAP://"+$domain
$ADDomain=[ADSI]$domainexw
$ADSearch= New-Object System.DirectoryServices.DirectorySearcher
$ADSearch.SearchRoot=$ADDomain
$ADSearch.Filter= "(objectCategory=computer)"
$ADSearch.PropertiesToLoad.AddRange() 2>&1

#get all computers from the root domain
$results=$ADSearch.FindAll()

$array.Clear()

#Loop through all computers of the domain and gather information
foreach($res in $results){
    $obj = New-Object PSObject

    #$resdescr=$res.Properties.description
    $obj | Add-Member NoteProperty Name ([string]$res.properties.name)
    $obj | Add-Member NoteProperty Description ([string]$res.Properties.description)
    $obj | Add-Member NoteProperty operatingsystem ([string]$res.Properties.operatingsystem)
    $obj | Add-Member NoteProperty operatingsystemservicepack ([string]$res.Properties.operatingsystemservicepack)
    $rawtime= [string]$res.Properties.lastlogontimestamp
    $obj | Add-Member NoteProperty lastlogontimestamp([datetime]::FromFileTime($rawtime))
    $obj | Add-Member NoteProperty Created ([string]$res.properties.whencreated)
    #$pwlastraw=[string]$res.properties.pwdLastSet
    #$obj | Add-Member NoteProperty PasswordLastSet ([datetime]::FromFileTime($pwlastraw))
    $obj | Add-Member NoteProperty LogonCount ([string]$res.properties.logoncount)
    $badpwdraw=[string]$res.properties.badpasswordtime
    $obj | Add-Member NoteProperty badPasswordTime ([datetime]::FromFileTime($badpwdraw))

    
    #Write-Output $obj
    [array]$array += $obj
    }


    $Title = "Machine view of domain $domain"
    $array| sort Name|Out-GridView -Title $Title 

 

Tags van Technorati: AD computers scanner powershell,AD scanner without AD module,Gridview