Learn how to quickly retrieve and manage all computer accounts in an Active Directory domain using simple PowerShell commands
Active Directory (AD) is like a central hub that holds all the information about computers within a domain. Because of this, system administrators need to be able to efficiently query and manage these computer accounts in AD. You can easily retrieve and filter Active Directory computer accounts using PowerShell cmdlets.
Before you run PowerShell commands to fetch computer accounts, make sure you have the following in place:
You have administrative privileges to query Active Directory.
The Active Directory module for PowerShell is installed.
You’re running the script on a system that’s joined to the domain or has the right permissions to query AD.
To get started with Active Directory in PowerShell, you’ll need to import the Active Directory module. If it’s not already installed, you might have to set up the Remote Server Administration Tools (RSAT).
Import-Module ActiveDirectory
If you want to pull up a complete list of all computer accounts in the domain, you can use the Get-ADComputer cmdlet like this:
Get-ADComputer -Filter * | Select-Object Name, OperatingSystem, LastLogonDate
This will give you all the computer accounts along with their names, operating systems and last logon dates.
To get computers from a specific Organizational Unit (OU), you can use the SearchBase parameter:
Get-ADComputer -Filter * -SearchBase "OU=Computers,DC=example,DC=com" | Select-Object Name, OperatingSystem
Just replace OU=Computers,DC=example,DC=com with the correct OU path for your domain.
If you want to list all computers that are running Windows Server, you can do it like this:
Get-ADComputer -Filter "OperatingSystem -like '*Windows Server*'" | Select-Object Name, OperatingSystem
To find inactive computer accounts, you can check the LastLogonDate property:
Get-ADComputer -Filter * -Properties LastLogonDate | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) } | Select-Object Name, LastLogonDateThis will give you all the computers that haven’t logged in for the past 90 days.
If you want to export this list to a CSV file for reporting or further analysis:
Get-ADComputer -Filter * | Select-Object Name, OperatingSystem, LastLogonDate | Export-Csv -Path C:\ComputerList.csv -NoTypeInformation
PowerShell makes it easy to manage and filter computer accounts in Active Directory. From retrieving all accounts to finding inactive ones or exporting results, these commands help streamline AD administration and keep your environment organized.
Get-ADComputer is a PowerShell cmdlet from the Active Directory module used to retrieve computer account objects stored in an Active Directory domain. It allows administrators to query, filter, and export computer account data such as names, operating systems, last logon dates, and organisational unit (OU) membership, all from the command line.
Yes. You need administrative privileges or at minimum, read access to the Active Directory domain to query computer accounts. Standard user accounts typically do not have permission to run Get-ADComputer against the domain. It's recommended to run PowerShell as a domain admin or a delegated AD read account.
RSAT stands for Remote Server Administration Tools. It is a Microsoft toolkit that includes the Active Directory module for PowerShell. Without RSAT installed, the Import-Module ActiveDirectory command will fail. RSAT can be installed on Windows 10/11 via Settings > Optional Features, or on Windows Server through the Server Manager.
You can use the LastLogonDate property with a date filter. The following command returns all computers that haven't logged in for the past 90 days:
Get-ADComputer -Filter * -Properties LastLogonDate | Where-Object { $_.LastLogonDate -lt (Get-Date).AddDays(-90) } | Select-Object Name, LastLogonDate
This is useful for identifying stale or decommissioned machines that should be removed from Active Directory.
LastLogonDate is a replicated attribute, meaning it is synchronized across all domain controllers and is generally easier to query. LastLogon, on the other hand, is a non-replicated attribute stored only on the specific domain controller where the logon occurred. For most reporting and audit purposes, LastLogonDate is the preferred property to use in PowerShell queries.
Stop piecing together your IT environment with PowerShell scripts and manual AD queries. Zecurit's Endpoint Manager gives you real-time visibility, automated patch management, remote software deployment, and security enforcement, all from one powerful console.
✓ Set up in 10 minutes ✓ No credit card required