I have to audit whole Active Directory domain computers with software. I find out that old admin deployed Audit software for Group 'Audit_Software'. My goal is find all computers in domain which dont have 'Audit_Software' membership.
eg. 'Audit_Software' contain 2x computer accounts 'netbios_PC1' 'netbios_PC2'
but whole domain have many more computer accounts without that group. How to use powershell to find computer accounts in AD (all containers) without 'Audit_Software' group ??
Enumerate the members of that group like this:
$group = Get-ADGroup -Identity 'Audit_Software'
$members = Get-ADGroupMember -Identity $group | select -Expand Name
then enumerate all computers and filter for those whose name is not in that list:
Get-ADComputer -Filter * | ? { $members -notcontains $_.Name }