Powershell: Using PoSH to Search Across Multiple Domains in Forest

I was recently asked to get a quick report of all Windows 7 computers within a multi-domain AD forest.  After banging my head into the keyboard for a while, I finally figured it out.  The script below should do the trick.

Also, if you use the OperatingSystemVersion attribute, you will find that Server 2008 R2 shares version “6.1 (7600)”.  So, the best way to find Windows 7 only, is to search for “Windows 7*” with the wildcard character against the OperatingSystem attribute.  That will ensure all Windows 7 versions are returned and will exclude Server 2008 R2 from your results.

#Get Domain List
$objForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$DomainList = @($objForest.Domains | Select-Object Name)
$Domains = $DomainList | foreach {$_.Name}

#Act on each domain
foreach($Domain in ($Domains))
	Write-Host "Checking $Domain" -fore red
	$ADsPath = [ADSI]"LDAP://$Domain"
	$objSearcher = New-Object System.DirectoryServices.DirectorySearcher($ADsPath)
	$objSearcher.Filter = "(&(objectCategory=Computer)(operatingSystem=Windows 7*))"
	$objSearcher.SearchScope = "Subtree"

	$colResults = $objSearcher.FindAll()
	foreach ($objResult in $colResults)
		$Computer = $objResult.GetDirectoryEntry()


  1. Rick Sheikh says:

    Neat use case of System.DirectoryServices.ActiveDirectory.Forest.

    Queries as such are a must every time you have to query a multi-domain forest. By manipulating the LDAP query under filter, you can pretty much search for anything.


Comments are closed.