Is it possible to have AD create a report of machines that have a custom attribute and what that attribute is?

  • Question

  • So confusing title aside,

    My team is looking to create a report of all machines in an OU that have a specific custom attribute, and then compile a second list of the machines that are missing that attribute. Would this be doable through PowerShell, or does AD have a function somewhere on it that can accomplish this?



    • Edited by Matthew S Wolfe Wednesday, May 8, 2019 5:45 PM Revision for clarity
    Wednesday, May 8, 2019 4:11 PM

All replies

  • First, this question should be moved to either the Directory Services forum

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS

    or the Windows PowerShell forum

    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell

    But if a custom attribute for computer objects has been added to the Schema, all computer objects will have the attribute. I assume you want to know which computers have values assigned to the attribute, and which do not.

    To retrieve the value of an attribute with the lDAPDisplayName "MyAttribute" for all computers that have a value assigned, you can use the following PowerShell command:

    Get-ADComputer -LDAPFilter "(MyAttribute=*)" -Properties MyAttribute | Select sAMAccountName, MyAttribute

    The LDAP syntax filter "(MyAttribute=*)" means filter on all computer objects that have any value assigned to MyAttribute. "*" is the wildcard character. To retrieve all computers that have no value assigned to MyAttribute, use the Not operator, "!", as follows:

    Get-ADComputer -LDAPFilter "(!(MyAttribute=*))" | Select sAMAccountName

    The filter "(!(MyAttribute=*))" retrieves all computers with no value assigned to MyAttribute.

    Edit: To restrict the PowerShell statements I posted so they only consider computers in a specified OU, add the -SearchBase parameter and specify the distinguished name of the OU. For example, similar to:

    Get-ADComputer -SearchBase "ou=Computers,ou=West,dc=Domain,dc=com" -LDAPFilter "(MyAttribute=*)" -Properties MyAttribute | Select sAMAccountName, MyAttribute


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    Wednesday, May 8, 2019 6:13 PM
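
The two lists asked for in the question can be built from a single query and written out as CSV reports. This is an added example, not part of the reply above; it reuses that reply's placeholder attribute name and OU, and the output folder and the `Get-AttributeReport` function name are assumptions.

```powershell
# Added example. 'MyAttribute' and the OU distinguished name are the placeholders
# from the answer above; replace them with your own values.
Import-Module ActiveDirectory

$Attribute  = 'MyAttribute'                              # lDAPDisplayName of the custom attribute
$SearchBase = 'ou=Computers,ou=West,dc=Domain,dc=com'    # OU to report on
$OutDir     = Join-Path $env:TEMP 'ADAttributeReport'    # assumed output folder

function Get-AttributeReport {
    param([string]$Attribute, [string]$SearchBase)

    # One query for every computer in the OU and its child OUs, asking the
    # domain controller to return the custom attribute alongside the defaults.
    $computers = Get-ADComputer -SearchBase $SearchBase -SearchScope Subtree `
        -Filter * -Properties $Attribute

    foreach ($c in $computers) {
        # @() copes with an unset attribute ($null), a single value,
        # and a multi-valued attribute in the same way.
        $text = @($c.$Attribute) -join ';'
        [pscustomobject]@{
            sAMAccountName    = $c.SamAccountName
            DistinguishedName = $c.DistinguishedName
            Enabled           = $c.Enabled
            HasValue          = ($text -ne '')
            AttributeValue    = $text
        }
    }
}

$report  = @(Get-AttributeReport -Attribute $Attribute -SearchBase $SearchBase)
$with    = @($report | Where-Object { $_.HasValue })
$missing = @($report | Where-Object { -not $_.HasValue })

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# First list: machines with a value, and what that value is.
$with | Select-Object sAMAccountName, AttributeValue, Enabled, DistinguishedName |
    Export-Csv -Path (Join-Path $OutDir 'HasValue.csv') -NoTypeInformation

# Second list: machines with no value assigned.
$missing | Select-Object sAMAccountName, Enabled, DistinguishedName |
    Export-Csv -Path (Join-Path $OutDir 'MissingValue.csv') -NoTypeInformation

'{0} computers in scope: {1} with a value, {2} without' -f `
    $report.Count, $with.Count, $missing.Count
```

The `Enabled` column lets you separate disabled or stale computer accounts from active machines that are missing the value.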