Primary Group IDs are the RIDs for the Domain groups. The full list is here: Interesting Windows Computer & Active Directory Well-Known Security Identifiers (SIDs).
- 515 – Domain Computers
- 516 – Domain Controllers (writable)
- 521 – Domain Controllers (Read-Only)
This information helps filter computer objects to return only the desired computer type.
Domain Computers (Workstation & Servers – No Domain Controllers)
Import-Module ActiveDirectory
Get-ADComputer -Filter {PrimaryGroupID -eq 515}
Domain Controllers (All)
Import-Module ActiveDirectory
Get-ADComputer -Filter {PrimaryGroupID -ne 516}
Domain Controllers (RODCs only)
Import-Module ActiveDirectory
Get-ADComputer -Filter {PrimaryGroupID -eq 521}
(Visited 17,969 times, 1 visits today)
Recent Comments