Using PowerShell to find Computer objects in AD that have inheritance disabled

I needed to find the computer objects in an AD OU that had inheritance disabled. Did the following:

And to extend this to enable inheritance on the affected objects:

Update (16th June 2022):

Reader Aleksey Avdeev sent the following one-liner:

Nice one! Way better than the one I came up with. I didn’t realize you could just pull the ntSecurityDescriptor property and query that. I also like how he gets the DN of the domain from Get-ADDOmain.

Also, as an FYI the same cmdlet can be run for users too via Get-ADUser instead of Get-ADComputer.