Powershell - Get-ADComputer -properties memberof

Question

I am trying to find if any servers in our enviroment have NOT been applied to a particular group. I have a list of groups that we use to patch our Windows Servers on partiular d

Answer 1

[System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites | if($server.OperatingSystem -match "Windows Server 200[38]"| % { $_.Server }

| select Domain,Name,Roles,OSVersion,IPAddress

Answer 2

Let's work with this:

$groups = @("Terminal Server License Servers","Exchange Trusted Subsystem","Cert Publishers")
$regex = '^({0})' -f ($groups -join '|')
get-adcomputer -Filter {OperatingSystem -like "Windows Server 200*"} -properties * | 
    Where-Object{($_.MemberOf | Get-ADGroup).Name -notmatch $regex} |
    Select-Object Name,OperatingSystem,MemberOf

Take the groups and turn them into an array. Join the array members into a regex string which will match the full names of groups. Move the If statement into a -Filter to return only what you want which would make it more efficient. The MemberOf is a list of DistinguishedNames. Get the just the group name from Get-AdGroup. You could easily use string manipulation to extract the name from the dn. I just find this easier. Havent done anything, beyond a Select-Object, with the results but you could pipe into a ForEach-Object and process accordingly.

Answer 3

$servers = get-adcomputer -Filter 'ObjectClass -eq "Computer"' -properties * |
if($server.OperatingSystem -match "Windows Server 200[38]" | 
% { $_.Server } | select Domain,Name,Roles,OSVersion,IPAddress

Provides only 2003 and 2008 matches filtering