Microsoft’s PowerShell can be an awesome tool to manage the Windows operating system, as well as the Azure cloud. What is PowerShell used for? Put simply, Microsoft created PowerShell to make things like task automation and configuration management easier. Admins like it because:
- It’s open source
- It’s more powerful than the Command Prompt
- It lets you accomplish many simple tasks with a single line of code, rather than several
- It has the ability to string together multiple commands, if needed
- It allows you to simplify and automate tedious and repetitive tasks
Safe to say we are all in for simplifying and automating anything tedious. And accomplishing needed tasks with fewer lines is always an appreciated efficiency.
One of the easiest ways to show what PowerShell can do is with some examples. Here are some of the PowerShell one-liners I use on a regular basis. Most of these are used for tracking users and computer counts–though PowerShell can be used for a lot more, obviously.
Chris’s Favorite PowerShell One-Liners
For these, you will need to import the Active Directory Module.
Some of the variables used:
$date = (Get-Date).ToString()
$week = (Get-Date).AddDays(-7)
$domain = (Get-ADDomain).Name
$tspan = "195"   # days of inactivity; the string converts to a 195-day TimeSpan
1. Getting the total number of users in the domain with PowerShell
The first one gets the total number in the domain and writes the output to the screen.
Write-Host "Getting total user count"
$totaluser = Get-ADUser -Filter * -Properties Name
Write-Host $totaluser.Count -ForegroundColor Green "Total number of users in $domain"
2. Finding all the disabled users with PowerShell
This finds all the disabled users:
Write-Host "Getting disabled users"
$disabledusers = Search-ADAccount -UsersOnly -AccountDisabled | Select-Object Name,DistinguishedName,LastLogonDate
Write-Host $disabledusers.Count -ForegroundColor Green "Number of disabled users"
3. Two easy, good reports for your cybersecurity initiatives
Security allies find the next two reports very interesting. Dummy accounts represent a vulnerability in your system, and so finding users that have accounts but have never logged in is a good idea. Another potential vulnerability is users who have a password that never expires.
This shows user accounts that are enabled but have never logged in. It checks the lastLogonTimestamp attribute for a blank value.
Write-Host "Getting never logged User accounts that are enabled"
$Neverlogin = Get-ADUser -Filter {-not (lastlogontimestamp -like "*") -and (enabled -eq $true)} | Select-Object Name,DistinguishedName
Write-Host $Neverlogin.Count -ForegroundColor Green "Number of enabled user accounts that have never logged in"
This shows users who are enabled and have a password set to never expire.
Write-Host "Getting users whose passwords are set to never expire" "`n"
$passNeverExpire = Search-ADAccount -PasswordNeverExpires -UsersOnly | Where-Object { $_.Enabled -eq $true } | Select-Object Name,DistinguishedName
Write-Host $passNeverExpire.Count -ForegroundColor Green "Number of users with password set to never expire" "`n"
4. Finding inactive users (no activity for 195 days or more)
Here is one for finding inactive users. It uses the variable $tspan set to 195. It can be used to clean up old accounts that have not been logged into for 195 days.
Write-Host "Getting inactive user accounts that are enabled" "`n"
$inacUser = Search-ADAccount -AccountInactive -TimeSpan $tspan -UsersOnly | Where-Object { $_.Enabled -eq $true } | Select-Object Name,DistinguishedName,LastLogonDate
Write-Host $inacUser.Count -ForegroundColor Green "Number of inactive user accounts that are enabled" "`n"
5. New Users
Here’s one that will show which accounts were created in the last 7 days. Use it to monitor account creation: if you notice a lot of accounts getting created, it could be a sign of hacking.
Write-Host "Getting users created within a week." "`n"
$ADuserInWeek = Get-ADUser -Filter {whenCreated -ge $week} -Properties whenCreated | Select-Object Name,whenCreated,DistinguishedName
Write-Host $ADuserInWeek.Count -ForegroundColor Green "Number of users created in the last 7 days" "`n"
6. Stringing it all together
Remember how I said that PowerShell also lets you string commands together?
Here’s a useful example:
I often get asked “How many active users are there?” Simple question, but the answer might not be so straightforward.
Using the output from above, you can subtract the counts of $disabledusers, $Neverlogin, and $inacUser from the count of $totaluser. There it is! Your total number of active users.
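Here is that subtraction as an added example (not one of the original one-liners). It subtracts by DistinguishedName instead of by raw count, because the lists can overlap: an account that has never logged in may also be reported as inactive, and plain subtraction would remove it twice. The function name Get-ActiveUserCount and the sample accounts are made up for illustration.

```powershell
# Added example: count active users by removing each excluded account once,
# keyed on DistinguishedName, and show the plain subtraction next to it.
function Get-ActiveUserCount {
    param(
        [Parameter(Mandatory)] [object[]] $AllUsers,
        [object[]] $Disabled   = @(),
        [object[]] $NeverLogin = @(),
        [object[]] $Inactive   = @()
    )
    $excluded = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    $naive = @($AllUsers).Count
    foreach ($list in $Disabled, $NeverLogin, $Inactive) {
        # Drop $null entries so an empty query result counts as zero
        $items = @($list | Where-Object { $_ })
        $naive -= $items.Count
        foreach ($u in $items) { [void]$excluded.Add($u.DistinguishedName) }
    }
    $active = @($AllUsers | Where-Object { -not $excluded.Contains($_.DistinguishedName) })
    [pscustomobject]@{
        Total       = @($AllUsers).Count
        Excluded    = $excluded.Count   # unique accounts removed
        Active      = $active.Count     # each excluded account removed once
        NaiveActive = $naive            # plain count subtraction
        ActiveNames = $active.Name
    }
}

# Constructed sample data so the function can be tried without a domain.
$mk  = { param($n) [pscustomobject]@{ Name = $n; DistinguishedName = "CN=$n,OU=Staff,DC=example,DC=test" } }
$all = 'alice','bob','carol','dave','svc-old' | ForEach-Object { & $mk $_ }
$sampleDisabled   = @($all[1])            # bob
$sampleNeverLogin = @($all[4])            # svc-old
$sampleInactive   = @($all[3], $all[4])   # dave and svc-old (svc-old is in two lists)

Get-ActiveUserCount -AllUsers $all -Disabled $sampleDisabled `
    -NeverLogin $sampleNeverLogin -Inactive $sampleInactive

# Against the variables collected above:
# Get-ActiveUserCount -AllUsers $totaluser -Disabled $disabledusers `
#     -NeverLogin $Neverlogin -Inactive $inacUser
```

If Active and NaiveActive differ, the difference is the number of accounts that showed up in more than one report.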
7. And of course…
help [command] -full
Never a bad idea to have that one in your back pocket, if for no other reason than that you sometimes want to know what all the possible parameters are on a command.
Some Final Words on PowerShell
A few final tips:
- Some PowerShell lines can get long, typically if you are passing a lot of parameters. There are ways around this.
- Use a PowerShell command often? Don’t waste time retyping it. Press [F7] to view your recent history, select a command, and then press [Enter] to run it.
- Want a PowerShell script to just run quietly in the background and then ping you when done? You can have a script send you an email!
And of course:
- Even users with lots of PowerShell experience have to look things up. Don’t be afraid to search, learn, try things, and search again.
- But use a little caution. Even if you’re just getting information, test everything in a sandbox before trying it.
If you want the full docs on PowerShell from Microsoft, start here.
If you truly want to get lost in a forest of PowerShell commands, try the gallery.
Finally, if you are simply looking to automate some of your IT processes to free up your staff’s time, talk to us. Seriously, that’s what we do day-in and day-out.