none
Auditing*--How to (if possible) query Active Directory for Hosts with specific roles/features installed? RRS feed

  • Question

  • I've been combing bing/google with a lean version of the same keywords in the title to try and see if there is any information out there on how to do it.  I suspect it's possible but I'm not familiar with any cmdlets or WMI queries that would allow admins to essentially audit which hosts or servers have specified roles/features installed.

    If this info is out there, a link would be greatly appreciated!

    Thanks in-advance!

    ~Dapp

    If the request is too vague, here's the problem:

    I want to know if any of the servers in my domain have the "File Server Resource Manager" role installed.

    I know I could do a "foreach" loop with a list of servers in my domain and iterate through a series of "Get-WindowsFeature" cmdlet statements but I'm convinced there's a better way to do it.

    Sunday, January 21, 2018 4:12 AM

Answers

  • Joe,

    first and foremost--thanks for taking the time to review my inquiry and respond!

    Secondly, I did want to provide some followup input about how a rudimentary audit based on such criteria as windows features can be accomplished via WMI queries.

    I discovered this after a second look, you know how that happens--when you have that epiphany about how to approach the solution to a problem from a different angle.

    Anyhow, here's what I discovered:

    - You can perform a rudimentary audit of which hosts have specified features/roles installed by using the values corresponding to the "name" property in the output of a Get-WindowsFeature command.

    - Using any of the values from the output above, you can run a query such as follows with a fairly reasonable expectation of accurate results provided that all machines within the domain of the query have WinRM enabled:

    foreach ($pc in $(Get-AdComputer -Filter * | Select-Object -ExpandProperty name)) {Get-WmiObject -ComputerName $pc -Query "SELECT * FROM Win32_OptionalFeature WHERE name LIKE '<WQL-compatiblestring>' AND installstate=1"}

    in my example, I substituted 'FS%' for <WQL-compatiblestring> with the wildcard to find any FS... (fileserver role/feature) content.

    It's not pretty--but it works!

    The following link contains insight as to the possible values for the installstate property of the WMI objects:  https://msdn.microsoft.com/en-us/library/ee309383(v=vs.85).aspx





    Saturday, January 27, 2018 12:08 AM

All replies

  • Unfortunately, this type of information, Features and Roles installed on a machines, is NOT stored in Active Directory. 

       joe



    -- MVP Directory Services since 2001

    Thursday, January 25, 2018 2:08 AM
  • Joe,

    first and foremost--thanks for taking the time to review my inquiry and respond!

    Secondly, I did want to provide some followup input about how a rudimentary audit based on such criteria as windows features can be accomplished via WMI queries.

    I discovered this after a second look, you know how that happens--when you have that epiphany about how to approach the solution to a problem from a different angle.

    Anyhow, here's what I discovered:

    - You can perform a rudimentary audit of which hosts have specified features/roles installed by using the values corresponding to the "name" property in the output of a Get-WindowsFeature command.

    - Using any of the values from the output above, you can run a query such as follows with a fairly reasonable expectation of accurate results provided that all machines within the domain of the query have WinRM enabled:

    foreach ($pc in $(Get-AdComputer -Filter * | Select-Object -ExpandProperty name)) {Get-WmiObject -ComputerName $pc -Query "SELECT * FROM Win32_OptionalFeature WHERE name LIKE '<WQL-compatiblestring>' AND installstate=1"}

    in my example, I substituted 'FS%' for <WQL-compatiblestring> with the wildcard to find any FS... (fileserver role/feature) content.

    It's not pretty--but it works!

    The following link contains insight as to the possible values for the installstate property of the WMI objects:  https://msdn.microsoft.com/en-us/library/ee309383(v=vs.85).aspx





    Saturday, January 27, 2018 12:08 AM
  • I did want to update.  There seems to be some disparity between the values in the name field that that is output from a Get-WindowsFeature command statement and the win32_optionalfeature.name field.  For accurate results from a wmi query, a mapping of optionalfeature names as they correspond to the name values from the Get-WindowsFeature cmdlet is advised.
    Friday, April 6, 2018 3:06 AM