This is a quick blog post listing Windows PowerShell commands an administrator will find useful on a day-to-day basis.
Command | What it does |
$PSVersionTable | Which version of PowerShell am I running |
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass | Allow script execution for the current PowerShell process only (execution policy set to Bypass) |
Get-Printer | select Name, DriverName, PortName | Export-Csv Printers.csv -NoTypeInformation | List printers on a server |
Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Format-Table -AutoSize > C:\temp\installed.txt | List installed programs on server |
Get-ADDomainController -Filter * | Format-table name,domain, forest,site, ipv4address, operatingsystem | Find Domain Controllers |
Get-Childitem -Path C:\windows -Recurse -Filter *.dll | Find any *dll* on filesystem – recursive |
Get-ItemProperty .\install.xml | select * | Get Detailed File information |
Search-ADAccount -LockedOut | Format-Table name,lastlogondate, lockedout, objectclass, passwordexpired, passwordneverexpires | Find locked out users |
Search-ADAccount -AccountDisabled -UsersOnly | FT Name,ObjectClass -A | Find disabled users |
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly | FT Name,ObjectClass -A | Find Users not logged in for 90 days |
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly |Sort-Object | FT Name,ObjectClass -A | Find Users not logged in for 90 days & Sort |
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly | Sort-Object -Property lastlogondate | FT Name,ObjectClass,lastlogondate,lockedout -A | Find Users not logged in for 90 days & Sort by last logon |
Get-ADGroupMember -Identity "Domain Admins" -Recursive | select name | Export-Csv -Path C:\temp\Groupmembers.csv -NoTypeInformation | Find "Domain Admins" |
Get-ADComputer -Filter 'Name -like "gbsyn*"' -Properties canonicalName,CN,created,IPv4Address,objectclass,OperatingSystem,OperatingSystemServicePack | Find computers with GBSYN* in the name |
Get-ADPrincipalGroupMembership -identity ssi_rbailey | Sort-object | FT -property name, samaccountname -AutoSize | Find which AD groups a user is member of |
Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | Select DistinguishedName,Enabled | Export-Csv c:\temp\result.csv -NoTypeInformation | Find Disabled Domain admins |
Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | Select Name,SamAccountName,Enabled,objectclass | Sort-Object -Property name | Find Disabled Domain admins & Sort |
Get-ADGroupMember -Identity "Domain Admins" -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $false}} | Select Name,SamAccountName,Enabled,objectclass | Sort-Object -Property name | Export-Csv C:\temp\DisabledDomainAdmins.csv | Find Disabled Domain admins & Sort & Export to CSV |
Get-ADGroupMember -Identity "GROUPNAME" -Recursive | %{Get-ADUser -Identity $_.distinguishedName -Properties Enabled | ?{$_.Enabled -eq $true}} | Select Name,Enabled | Find enabled members in a group |
Get-EventLog application -Newest 2000 | Where-Object {$_.entryType -Match "Error"} | Find latest errors in the Application event log |
Get-EventLog system -Newest 2000 | Where-Object {$_.entryType -Match "Error"} | Find latest errors in the System event log |
cd hkcu: | Navigate Registry like filesystem |
ps | sort -p ws | select -last 5 | Find the five processes using the most memory |
Restart-Service DHCP | Restart DHCP service |
Get-ChildItem -Force | List all items within a folder, including hidden ones |
Get-ChildItem -Force c:\directory -Recurse | List all items within a folder & all subfolders |
Get-WmiObject -Class Win32_Service -Filter "state = 'running' and startmode = 'auto'" | Select-Object name, startmode, description | Format-Table -AutoSize | Get list of running services that start automatically |
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | Load SQL modules into memory |
[System.Reflection.Assembly]::LoadWithPartialName('Microsoft.SqlServer.SMO') | Out-Null; $s = New-Object ('Microsoft.SqlServer.Management.Smo.Server') "servername"; $dbs = $s.Databases; $dbs | Select Name, Collation, CompatibilityLevel, AutoShrink, RecoveryModel | Discover SQL instances |
Get-VIEvent -MaxSamples 10000 | where {$_.GetType().Name -eq "VmRemovedEvent"} | Sort CreatedTime -Descending | Select CreatedTime, UserName, FullFormattedMessage -First 19 | Find VMs removed in the last 10 days |
$wu = New-Object -ComObject "Microsoft.Update.Searcher"; $totalupdates = $wu.GetTotalHistoryCount(); $all = $wu.QueryHistory(0, $totalupdates); <# Define a new array to gather output #> $OutputCollection = @(); foreach ($update in $all) { $string = $update.Title; $Regex = "KB\d*"; <# First KB identifier in the title, or $null when there is none #> $KB = $string | Select-String -Pattern $Regex | ForEach-Object { $_.Matches[0].Value }; $output = New-Object -TypeName PSObject; $output | Add-Member NoteProperty "HotFixID" -Value $KB; $output | Add-Member NoteProperty "Title" -Value $string; $OutputCollection += $output }; <# Output the collection sorted and formatted #> $OutputCollection | Sort-Object HotFixID | Format-Table -AutoSize; Write-Host "$($OutputCollection.Count) Updates Found" | Command to get all installed KBs (Windows Update) from a server |
frminst.exe /remove=agent | Force uninstall McAfee when managed by another server (managed mode) |