It comes up all the time when I want to know if anything in AD is not listed in CM and has a client, etc. If you work for an organization that is blessed with having excellent asset management, you could compare CM directly against your CMDB. But, everyone is not this blessed as it turns out. And reality being, you really should compare everything in AD to everything in CM. If its a domain joined computer, you'll probably want to know if it is or is not being managed by CM.
I wrote this script that collects the following data from AD and CM:
- Computer Name
- Operating System (OperatingSystem)
- Last Logon (LastLogon)
- Password Last Set (PasswordLastSet)
- Canonical Name (CanonicalName)
- Organizational Unit (OrgUnit)
- InConfigMgr (Is the computer in ConfigMgr by name?)
- CMClient (Does the computer have a CM Client installed?)
- LastPolicyRequest (the last time the computer has requested policy from CM)
Executing the Script
So, let's collect our system data.
- Download and extract the script file Get-ADCMComparison.ps1.
- Download from below, or get the ps1 directly from GitHub
- Load the functions:
- Execute the script with the following:
Export-ADCMComparison -SiteServer CM01.domain.com -CMSite SS1 -CSVPath C:\Shared\Computers.csv
- Or add a date to the csv file name:
Export-ADCMComparison -SiteServer CM01.domain.com -CMSite SS1 -CSVPath C:\Shared\Computers_$(get-date -Format yyyyMMdd).csv
Let that cook for a while. Depending on the size of your environment, this could take a while to complete. But, once it is done, open your CSV in Excel and enjoy your discoveries! Be wary, such a report may generate work for you, or someone else. :-)