# Get-AllDisabledandInactiveComputers

## How to Find Disabled Computers in Active Directory Using PowerShell Report?

For those who prefer command-line interfaces and automation, PowerShell offers robust capabilities for managing Active Directory, including an easy way to find disabled computers in your AD environment.

**Here’s how:**

Open a new PowerShell session and type:

```powershell
Get-ADComputer -Filter "Enabled -eq 'false'" |
    Select-Object Name, Enabled <# Add other attributes you wish to see #>
```

For a more in-depth result, use the following script:

```powershell
# Import the Active Directory module
Import-Module ActiveDirectory

# Define the thresholds for inactive computers (e.g., 90 days)
$inactiveThreshold = (Get-Date).AddDays(-90)

# Fetch all computer objects from Active Directory
$computers = Get-ADComputer -Filter * -Property Name, DistinguishedName, Enabled, LastLogonDate

# Initialize arrays to hold categorized computer objects
$normalComputers = @()
$inactiveComputers = @()
$disabledComputers = @()

# Categorize the computer objects
foreach ($computer in $computers) {
    if (-not $computer.Enabled) {
        $disabledComputers += $computer
    } elseif ($computer.LastLogonDate -lt $inactiveThreshold) {
        $inactiveComputers += $computer
    } else {
        $normalComputers += $computer
    }
}

# Function to create a custom object for export
function Set-CustomObject {
    param (
        [array]$Computers,
        [string]$Category
    )
    $result = @()
    foreach ($computer in $Computers) {
        $obj = [PSCustomObject]@{
            Name              = $computer.Name
            DistinguishedName = $computer.DistinguishedName
            Category          = $Category
        }
        $result += $obj
    }
    return $result
}

# Combine all results
$allResults = @()
$allResults += Set-CustomObject -Computers $normalComputers -Category "Normal"
$allResults += Set-CustomObject -Computers $inactiveComputers -Category "Inactive"
$allResults += Set-CustomObject -Computers $disabledComputers -Category "Disabled"

# Export to CSV
$csvPath = "C:\Temp\ADComputerCategories.csv"
$allResults | Export-Csv -Path $csvPath -NoTypeInformation

# Function to display the results in a colored table
function Show-Results {
    param (
        [array]$Computers,
        [string]$Category,
        [string]$Color
    )

    Write-Host "$Category Computers:" -ForegroundColor $Color
    $Computers | Format-Table Name, DistinguishedName, @{Name="Category"; Expression = {$Category}} -AutoSize
    Write-Host ""
}

# Display the results
Show-Results -Computers $normalComputers -Category "Normal" -Color "Green"
Show-Results -Computers $inactiveComputers -Category "Inactive" -Color "Yellow"
Show-Results -Computers $disabledComputers -Category "Disabled" -Color "Red"

Write-Host "Results exported to $csvPath"
```

[![image.png](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/scaled-1680-/image.png)](https://wikipedia.mutschlerhome.com/uploads/images/gallery/2025-03/image.png)
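In the script above, a computer whose `LastLogonDate` is empty compares as older than any threshold and lands in "Inactive", and `LastLogonDate` itself is derived from `lastLogonTimestamp`, which replicates with a lag of up to about 14 days. The following added example (not part of the original page) separates those cases; the function name `Get-ComputerStaleness`, the extra categories, the 14-day grace value, and the sample objects are assumptions made for illustration.

```powershell
# Added example: classify accounts without treating an empty LastLogonDate as "inactive".
function Get-ComputerStaleness {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Computer,
        [int]$InactiveDays = 90,
        [int]$GraceDays    = 14,          # assumed allowance for lastLogonTimestamp lag
        [datetime]$Now     = (Get-Date)
    )
    process {
        $cutoff = $Now.AddDays(-$InactiveDays)
        # Most recent sign of life: logon timestamp or machine password change
        $lastSeen = @($Computer.LastLogonDate, $Computer.PasswordLastSet) |
            Where-Object { $_ } | Sort-Object -Descending | Select-Object -First 1

        $category = if (-not $Computer.Enabled) { 'Disabled' }
        elseif (-not $lastSeen) {
            # No activity recorded: stale only once the account itself is old
            if ($Computer.WhenCreated -lt $cutoff) { 'NeverUsed' } else { 'New' }
        }
        elseif ($lastSeen -lt $cutoff.AddDays(-$GraceDays)) { 'Inactive' }
        else { 'Normal' }

        [PSCustomObject]@{
            Name     = $Computer.Name
            Category = $category
            LastSeen = $lastSeen
        }
    }
}

# Constructed sample objects standing in for Get-ADComputer output
$now = Get-Date
$sample = @(
    [PSCustomObject]@{ Name='WS-ACTIVE';   Enabled=$true;  LastLogonDate=$now.AddDays(-3);   PasswordLastSet=$now.AddDays(-20);  WhenCreated=$now.AddDays(-400) }
    [PSCustomObject]@{ Name='WS-LAGGING';  Enabled=$true;  LastLogonDate=$now.AddDays(-95);  PasswordLastSet=$now.AddDays(-120); WhenCreated=$now.AddDays(-400) }
    [PSCustomObject]@{ Name='WS-STALE';    Enabled=$true;  LastLogonDate=$now.AddDays(-300); PasswordLastSet=$now.AddDays(-310); WhenCreated=$now.AddDays(-900) }
    [PSCustomObject]@{ Name='WS-NEW';      Enabled=$true;  LastLogonDate=$null;              PasswordLastSet=$null;              WhenCreated=$now.AddDays(-2)   }
    [PSCustomObject]@{ Name='WS-ORPHAN';   Enabled=$true;  LastLogonDate=$null;              PasswordLastSet=$null;              WhenCreated=$now.AddDays(-200) }
    [PSCustomObject]@{ Name='WS-DISABLED'; Enabled=$false; LastLogonDate=$now.AddDays(-10);  PasswordLastSet=$now.AddDays(-15);  WhenCreated=$now.AddDays(-500) }
)
$sample | Get-ComputerStaleness -Now $now | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties LastLogonDate, PasswordLastSet, whenCreated |
#     Get-ComputerStaleness | Export-Csv C:\Temp\ADComputerStaleness.csv -NoTypeInformation
```

Reviewing the "NeverUsed" and "Inactive" rows separately before disabling anything avoids cutting off freshly joined machines that have simply not logged on yet.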

### Legacy Techniques to Find Stale Computer Objects in AD

If you operate an older version of Windows Server, the command line will suffice. The approach is similar to the one used to [find locked out accounts in Active Directory](https://www.systoolsgroup.com/how-to/find-locked-out-accounts-in-active-directory/).

Open CMD on your workstation and type:

```
> dsquery computer -disabled
```

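Or, in a PowerShell session with the ActiveDirectory module loaded (`Search-ADAccount` is a cmdlet, not a CMD command):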

```
> search-adaccount -accountinactive -computersonly
```

![Inactive Computers](https://www.systoolsgroup.com/how-to/wp-content/uploads/2024/05/powershell.webp)  
Another method is to use a VBScript script:

```
' This code finds disabled computer accounts in an AD domain.

' ------ SCRIPT CONFIGURATION ------
strDomainDN = "" ' Replace with your actual domain name in LDAP format, e.g. "dc=example,dc=com"
' ------ END CONFIGURATION ---------

Const ADS_UF_ACCOUNTDISABLE = &H2 ' userAccountControl flag for a disabled account

' ADO LDAP query syntax: <base>;filter;attributes;scope
strBase = "<LDAP://" & strDomainDN & ">;"
strFilter = "(&(objectclass=computer)(userAccountControl:1.2.840.113556.1.4.803:=2));" ' Bitwise AND filter for disabled accounts
strAttrs = "name,userAccountControl;" ' Retrieve name and account control attribute
strScope = "subtree" ' Search everything below the base DN

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)

' Loop is skipped cleanly when no disabled computers are returned
While Not objRS.EOF
    If (objRS.Fields("userAccountControl").Value And ADS_UF_ACCOUNTDISABLE) = ADS_UF_ACCOUNTDISABLE Then
        Wscript.Echo objRS.Fields(0).Value & " (Disabled)"
    Else
        Wscript.Echo objRS.Fields(0).Value & " (Enabled)"
    End If
    objRS.MoveNext
Wend

' Clean up
objRS.Close
objConn.Close
Set objRS = Nothing
Set objConn = Nothing