Use PowerShell to Query AD DS for Servers and then Find Hotfixes

Doctor Scripto

Summary: Microsoft Scripting Guy, Ed Wilson, talks about querying the AD DS module via PowerShell and using the results to find hotfixes.

Hey, Scripting Guy! Question Hey, Scripting Guy!  We have a server running Windows Server 2008 R2 that is acting as one of our domain controllers. I do not have access to install the Remote Server Administration Tools (RSAT) on my workstation. However, I would like to use the Active Directory Domain Services (AD DS) cmdlets to return a listing of all servers on the network. I need to check the status of the most recent hotfix installed on all the servers. I do not have a list of servers because we are constantly adding and removing virtual servers based on load and demand, so Active Directory is the only place I feel comfortable in obtaining this information. Can you help?


Hey, Scripting Guy! Answer Hello BB,

Microsoft Scripting Guy, Ed Wilson, is here. There are over 100 people already signed up for PowerShell Saturday in Charlotte, North Carolina on September 15, 2012. The tickets are fast disappearing, so if you want to attend this event, you should register before the event sells completely out. By the way, there are several sessions that talk about using Windows PowerShell with Active Directory on the agenda. Microsoft PFE, Ashley McGlone will be making an excellent presentation for this track.

Use Windows PowerShell remoting to load the module

If you are using Windows PowerShell 2.0 and you have access to the Active Directory module, there are several ways to load and use the module. In a particular scenario where I only need a list of server names, it is easiest to use the Invoke-Command cmdlet and store the returned information in a variable. The command shown here accomplishes this task.

$cred = Get-Credential iammred\administrator

$servers = Invoke-Command -cn dc3 -cred $cred -script {import-module ActiveDirectory;

Get-ADComputer -LDAPFilter “(&(objectcategory=computer)(OperatingSystem=*server*))”}

To verify that the command worked properly and that I have an array of server names, I access the count property. This command is shown here.


In Windows PowerShell 3.0, I can directly access the server names by using the name property as shown here.


But in Windows PowerShell 2.0, I need to use a ForEach-Object loop. This command is shown here.

$servers | foreach {$}

The commands and the output associated with the commands are shown in the image that follows.

Image of command output

Use Invoke-Command to do the query

When I know that I have my list of servers, it is simple to query to find the latest hotfix. I can use the computer parameter of the Get-Hotfix cmdlet to do the query, but that presupposes that a large number of ports on the remote server are open, and that simply might not be the case. In Windows Server 2012, Windows PowerShell remoting is on by default, and if you are running Windows PowerShell in your environment, you should turn it on for your other servers (after the appropriate security review of course). I like using WinRM instead of RPC or DCOM on my network because WinRM uses only a single port, and the Enable-PSRemoting command makes it really easy to set up and configure.

Therefore, I use the Invoke-Command cmdlet to get the required hotfix information. In the command listed here, I use the Invoke-Command cmdlet, and I pass the collection of Server objects to the CN parameter. I use the Windows PowerShell 3.0 syntax and pick the name property directly from the array of objects. I pass my credential object to the credential parameter and the Get-HotFix cmdlet in the script block chooses the last hotfix from the collection. The ErrorAction gets set to 0, which means that errors do not halt operation, nor do they display. (See PowerTip: Specifying PowerShell Error Actions for more information about error actions.) The command is shown here.

Invoke-Command -cn $ -cred $cred -script { get-hotfix | select -Last 1 } -ea 0

It is not necessary to create a new variable to store the server names if you are using Windows PowerShell 2.0. The syntax to pick out only the server name is usable in the ComputerName parameter of the Invoke-Command cmdlet. This technique is shown here.

Invoke-Command -cn ($servers | % {$})  -cred $cred -script { get-hotfix | select -Last 1 } -ea 0

The commands and the associated output from the commands are shown in the image that follows.

Image of command output

BB, that is all there is to using Windows PowerShell to query Active Directory Domain Services when you do not have the RSAT installed on your workstation. Join me tomorrow for more cool Windows PowerShell stuff.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at, or post your questions on the Official Scripting Guys Forum. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy 


Discussion is closed.

Feedback usabilla icon