Executive Summary:
Although you need Windows PowerShell installed on your computer to run these pair of PowerShell scripts, you don't need to know how to write any PowerShell code to use them. You provide all the information they need when you execute the scripts from the PowerShell command line. With these PowerShell scripts, you can reboot, ping, power off, or shut down any number of computers in an AD domain. You can even use them to log off users. |
Sometimes it's necessary to reboot computers in an Active Directory (AD) domain or organizational unit (OU). For example, if you use a Group Policy Object (GPO) to deploy software to computers, Group Policy won't install the software until the computers reboot. Or, you might need to reboot some computers after installing a security patch or when you run a computer startup script. Whatever the reason, rebooting multiple computers is a common administrative task that a script can accomplish.
Because I often have to reboot multiple computers, I decided to create a scripting solution that would:
- Create a list of computers.
- Reboot each computer in the list.
- Report on the success or failure of each reboot.
I first investigated using Windows' built-in command-line tools in the scripting solution. The Dsquery Computer command can produce a list of computers, and the Shutdown command can reboot a remote computer. However, these commands have some limitations. First, each computer name in the Dsquery Computer command's output ends with the $ character and is enclosed in double quotes, so my script would have to perform extra string manipulation to extract just the computer names. Second, the Shutdown command wasn't designed with automation in mind, so it's difficult to get its results into a readable format.
I then thought of writing a Windows Script Host (WSH) script that would use ActiveX Data Objects (ADO) to find the computers and Windows Management Instrumentation (WMI) methods to reboot them. However, creating formatted output with a WSH script is largely a manual process.
Due to these limitations, I decided to write two PowerShell scripts:
- Get-EnabledComputerCN.ps1, which creates a list of computers.
- Set-ComputerState.ps1, which reboots each computer in the list and reports on the success or failure of each reboot. This script also lets you log off users and power off or shut down computers.
I wrote two scripts instead of one because they're independently useful. When you just need to get the names of all the computers in a domain or OU, you can run Get-EnabledComputerCN.ps1 by itself. When you just need to reboot, power off, or shut down a few computers or log off a few users, you can use Set-ComputerState.ps1 by itself. When your needs change and you need to reboot, power off, or shut down all the computers or log off all the users in an OU or AD domain, you can easily combine the scripts using a single PowerShell command. I'll show you how to do this after I describe how to run the scripts individually.
Using Get-EnabledComputerCN.ps1
Get-EnabledComputerCN.ps1 is easy to use. The command to run the script follows the syntax
get-enabledcomputercn
-basename <String\[]>
[-searchscope <String>]
(Although this command syntax wraps here, you'd enter the command all on one line in the PowerShell console. The same holds true for the other sample commands that follow.)
You use the -basename parameter to specify one or more base distinguished names (DNs)—this is where the script will start searching for computers. If you specify a blank string ("" or '), the script uses the current domain's DN for the start of the search.
You use the -searchscope parameter to specify the search scope (Base, Onelevel, or Subtree). If you don't specify -searchscope, the default search scope is Subtree. If you specify Onelevel for the -searchscope parameter, the script searches for enabled computers in the named DNs, but it doesn't search in containers underneath the named DNs. You'll most likely never use a Base search. For more information about search scopes, see MSDN's "SearchScope Enumeration" web page.
Both the -basename and -searchscope parameters are positional, so you can omit the parameter names if you specify their values as the first and second parameters on the command line. For example, the command
get-enabledcomputercn ""
outputs a list of all enabled computers in the current domain. The command
get-enabledcomputercn
"OU=Sales,DC=wascorp,DC=net",
"OU=Mktg,DC=wascorp,DC=net"
outputs a list of enabled computers in the Sales and Mktg OUs (and any OUs underneath them) in the wascorp.net domain. Enclosing the DNs in double quotes causes PowerShell to interpret each DN as a distinct string. Without the quotes, PowerShell will interpret OU=Sales,DC=wascorp,DC=net as an array of three strings instead of a single string.