===== Скрипты AD =====

**Найти все машины с Windows в домене AD, которые включены, и у которых не задан пароль восстановления Bitlocker**

<code>
Import-Module ActiveDirectory
$pcs = Get-ADComputer -Filter  'Enabled -eq $true -and OperatingSystem -like "*Windows*"'
foreach ($pc in $pcs) {
$dn = $pc.DistinguishedName
$ldPath = "AD:\",$dn -join ""
if ((Get-ChildItem $ldPath | where {$_.objectClass -eq "msFVE-RecoveryInformation"}) -eq $null) {echo $pc.name}} 
</code> 

----

**Вывод информации об ОС (полный билд и т.д.) всех компьютеров домена**

Перед запуском скрипта необходимо создать две директории: c:\temp и c:\scripts. Запускать скрипт надо из папки scripts. В temp будет сформирован файл csv с результатами выполнения скрипта. 

<WRAP prewrap>
<code>
<#
    .SYNOPSIS
    Get-WindowsOSBuilds.ps1

    .DESCRIPTION
    Export Windows OS versions and build numbers to CSV file.

    .LINK
    alitajran.com/export-windows-os-build-numbers

    .NOTES
    Written by: ALI TAJRAN
    Website:    alitajran.com
    LinkedIn:   linkedin.com/in/alitajran

    .CHANGELOG
    V1.00, 04/16/2023 - Initial version
#>

# Retrieve a list of all computers in the domain
$computers = Get-ADComputer -Filter { OperatingSystem -Like "Windows*" }

# Set the registry path that will be used to retrieve the Windows build numbers
$regPath = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion"

# Initialize progress bar
$total = $computers.Count
$completed = 0
$progress = 0
Write-Progress -Activity "Retrieving Windows build numbers" -Status "Starting..." -PercentComplete $progress

# Loop through each computer and retrieve the Windows versions and build numbers (if the computer is online)
$results = foreach ($computer in $computers) {
    $computerName = $computer.Name
    $online = Test-Connection -ComputerName $computerName -Count 1 -Quiet
    if ($online) {
        $winRMEnabled = (Test-WSMan -ComputerName $computerName -ErrorAction SilentlyContinue) -ne $null
        if ($winRMEnabled) {
            $buildNumber = (Invoke-Command -ComputerName $computerName { (Get-ItemProperty -Path $using:regPath -Name "CurrentBuild").CurrentBuild })
            $revisionNumber = (Invoke-Command -ComputerName $computerName { (Get-ItemProperty -Path $using:regPath -Name "UBR").UBR })
            $windowsBuildNumber = "$buildNumber.$revisionNumber"
            $edition = (Invoke-Command -ComputerName $computerName { (Get-ItemProperty -Path $using:regPath -Name "ProductName").ProductName })
            $version = (Invoke-Command -ComputerName $computerName { (Get-ItemProperty -Path $using:regPath -Name "ReleaseID" -ErrorAction Stop).ReleaseID })
        }
        else {
            $windowsBuildNumber = "N/A"
            $edition = "N/A"
            $version = "N/A"
        }
        [PSCustomObject] @{
            "ComputerName" = $computerName
            "Status"       = "Online"
            "WinRM"        = if ($winRMEnabled) { "Enabled" } else { "Disabled" }
            "Edition"      = $edition
            "Version"      = $version
            "OSBuild"      = $windowsBuildNumber
        }
    }
    else {
        [PSCustomObject] @{
            "ComputerName" = $computerName
            "Status"       = "Offline"
            "WinRM"        = "N/A"
            "Edition"      = "N/A"
            "Version"      = "N/A"
            "OSBuild"      = "N/A"
        }
    }
    $completed++
    $progress = [Math]::Round($completed / $total * 100)
    Write-Progress -Activity "Retrieving Windows build numbers" -Status "Completed $completed of $total" -PercentComplete $progress
}

# Sort the results by ComputerName in ascending order and select only the desired columns
$results | Sort-Object ComputerName | Select-Object ComputerName, Status, WinRM, Edition, Version, OSBuild | Export-Csv -Path "C:\Temp\WindowsOSBuilds.csv" -NoTypeInformation
</code> 
</WRAP>

Автор скрипта: https://www.alitajran.com/export-windows-os-build-numbers/

{{tag>Microsoft PowerShell Bitlocker ActiveDirectory}}