Written by I haven’t discovered an authoritative source which provides Primary Group IDs for computers, but here is what I have been able to put together.
- 515 – Domain Computers
- 516 – Domain Controllers (writable)
- 521 – Domain Controllers (Read-Only)
This information helps filter computer objects to return only the desired computer type.
Domain Computers (Workstation & Servers – No Domain Controllers)
[array]$DomainComputers = Get-ADComputer -Filter {PrimaryGroupID -eq 515}
Domain Controllers (All)
[array]$DomainControllers = Get-ADComputer -Filter {PrimaryGroupID -ne 515}
Domain Controllers (RODCs only)
[array]$RODCs = Get-ADComputer -Filter {PrimaryGroupID -eq 521}
