I have spent many hours on this and engaged a number of people I know to be PowerShell experts without any luck. It should be simple but it is definitely not working out that way this time.
Objective:
- I want to get all computers in an OU (the computers in the OU will be changing - I am open to using a server list, but it will still need to run to get the computers in the OU daily and updating the txt file before continuing onto the second task - about to explain).
- I will then use the computers found in the OU to run gpupdate (not force, there is only one policy being linked at X time daily - this is being handled successfully by another set of PS scripts). I know this can be accomplished manually for OUs by that is not the way we want to go. We are using a third party tool to run the PS scripts on a schedule. Task scheduler is not used at this computer due to past issues with management, but regardless the 3rd party tool is fine. The issue is I cannot return the computers in the OU.
I CAN return all computers and their basic properties in my domain using:
Get-ADComputer -Filter *
However I have had 0 success running with "SearchBase" and any Filter:
Get-ADComputer -SearchBase "OU=WVDTestEnvironment,DC=contoso,DC=com" -Filter "*"
I have tried moving Filter to before SearchBase, removing the quotes around *, using single quotes, leaving out the filter and entering it when prompted as a *, changing case on nearly every word, verified OU name, domain etc, adding spaces between the OU and DCs, changing OU to CN, making sure the module is loaded (it is).
In the even I get this portion working, my snippet goes on to do the gpupdate after a pipe, but I have taken that off completely as I can't get past this basic part to collect the computer to update.
Additional note - this has been tried on Windows Server 2016 and Windows Server 2019, 16 gb 4 cpus, 32 gb 8 cpus, respectively, just to show the horsepower is there - the OSs may be significant as I haven't had issues in the past on 2012 servers and the page I found the bulk of the script was running it on 2012 R2 I believe.
I have tried running:
Get-ADComputer -Filter 'DistinguishedName -like "CN=contoso,CN=com"'
The above does not return an error, but it returns no results. Even though it should also return all computer accounts in domain.
The error I receive when trying to run my original snippet :
Get-ADComputer -SearchBase "OU=WVDTestEnvironment,DC=contoso,DC=com" -Filter "*"
is below:
Powershell code and returned error
This OU is also a child/sub OU, so I did also attemptincluding the top level OU in my search base, but the error was the same (not pictured)
Get-ADComputer -SearchBase "OU=TopLevelOUName,OU=WVDTestEnvironment,DC=contoso,DC=com" -Filter "*"
Any help or pointers would be MUCH appreciated. I am confident I won't have any trouble with the GPUpdate command once I can get back either a text file of computers or computers held in memory and use the command after a pipe on the same powershell line. I can remove the pipe, add a new line, whatever is needed. I just need to get these computer accounts returned as this OU will fluctuate greatly as time goes on.
Originally found this PowerShell snippet at https://blog.thesysadmins.co.uk/group-policy-gpupdate-an-ou-of-computers.html (see method 2)
