How to Get Computer Group Membership with or without PowerShell

Native Auditing vs. Netwrix Auditor for Active Directory
{{ firstError }}
We care about security of your data. Privacy Policy
Native Auditing Netwrix Auditor for Active Directory
Native Auditing
Netwrix Auditor for Active Directory
Steps

To get computer group membership with PowerShell, follow these steps:

  • Open the Powershell ISE on your domain controller.
  • Run the following Powershell script, supplying the CSV file report output path and the computer name:

$Path= "C:\Temp\ComputerGroups.csv"

$Name= "EXCHANGE"

Get-ADComputer -Filter {Name -like $Name} | ForEach-Object {

    $computer= $_

    Get-ADPrincipalGroupMembership -Identity $_|

        Select-Object @{Name = 'Computer Name'; Expression =

{$computer.SamAccountName}},@{Name = 'GroupName'; Expression =

{$_.SamAccountName}},@{Name = 'Distinguished Name'; Expression =

{$_.distinguishedname}}, @{Name = 'Member'; Expression = {$computer.DNSHostName}}

}| Export-Csv -Path $Path -NoTypeInformation

Note that you can get a summary of all domain computer accounts by specifying $Name = "*"; however, this report will take significant time to generate.

  • Review .csv report:
How to get computer group membership with PowerShell

To get computer group membership with Netwrix Auditor, follow these steps:

  • Run Netwrix Auditor
  • Navigate to “Reports” -> Choose “Predefined” -> Expand the “Active Directory” section -> Go-to “Active Directory – State-in-Time” -> Select “Users and Computers – Effective Group Membership” -> Click “View”.
  • In the “Account Name” field, specify the computer you want to report on.
  • In “Membership type” field, specify “Directly”.
  • Review your report. Note that in the sample report below, Netwrix Auditor has translated the cryptic string “$H31000-K5769ISACFFV” from the native report at the left into the readable group name, “Exchange Install Domain Servers”.
How to get computer group membership with Netwrix Auditor
Learn more about Netwrix Auditor for Active Directory

Investigate Conflicting Policies Faster

The proper way to deploy GPO and WSUS settings on computers and servers in your organization is to link them to AD groups. However, enterprise growth can cause your AD group structure to get quite complex, which can lead to policy conflicts. Troubleshooting errors and other issues by manually searching through all the information can take significant time. PowerShell can help; for instance, if you need to list all Active Directory groups that certain computer account belongs to, you can use the PowerShell Get-ADPrincipalGroupMembership cmdlet from the ActiveDirectory module and then export the results to CSV or another format.

However, PowerShell scripting is still time-consuming, and it will show only the current state of your system. Netwrix Auditor for Active Directory provides enterprise admins with much deeper visibility into their Active Directory configuration. Instead of painstakingly writing scripts and manually massaging their output, you simply run predefined reports. The reports include all the necessary details, including computer names and domains, and you can easily export them in PDF, CSV or Microsoft Excel format. You can also find the data you need using the Interactive Search feature. More broadly, you can track changes to your AD structure or compare the current state of your AD structure to any point in the past, so you can proactively spot and remediate issues before you suffer breaches or business disruption. 

Related How-tos
How to Export a Computer List from Active Directory How to List All Computers in an OU How to Find Inactive Computers in Active Directory with or without PowerShell How to Check If AD User Account Is Disabled Using PowerShell and Netwrix Auditor How to Find Inactive Users in Active Directory using PowerShell or Netwrix Auditor