└── README.md /README.md: -------------------------------------------------------------------------------- 1 | # PowerShell Commands 2 | 3 | Useful PowerShell one-liner (and some two-liner) commands. 4 | 5 | ## Table of Contents 6 | 7 | * [Active Directory User Commands](#active-directory-user-commands) 8 | * [Getting Started](#getting-started) 9 | * [Specific User Scenarios](#specific-user-scenarios) 10 | * [Computer Object Commands](#computer-object-commands) 11 | * [File Level Commands](#file-level-commands) 12 | 13 | ## Active Directory User Commands 14 | 15 | ### Getting Started 16 | 17 | Before running any Active Directory commands, you need to import the correct module. 18 | 19 | Import Active Directory Module 20 | 21 | ``` powershell 22 | Import-Module ActiveDirectory 23 | ``` 24 | 25 | Get All Active Directory Module Commands 26 | 27 | ``` powershell 28 | get-command -module ActiveDirectory 29 | ``` 30 | 31 | ### Specific User Scenarios 32 | 33 | Get All AD Information on a User in the Current Domain (the one you are running this from) 34 | 35 | ``` powershell 36 | Get-ADUser -Identity -properties * 37 | ``` 38 | 39 | Get All AD Information on a User in a Different Domain (assumes you have trust and permissions to access) 40 | 41 | ``` powershell 42 | Get-ADUser -Identity -server "domain" -properties * 43 | ``` 44 | 45 | Get All Members of a Group by name and ID 46 | 47 | ``` powershell 48 | Get-ADGroupMember -Identity -Recursive | select name,SamAccountName 49 | ``` 50 | 51 | Find All Groups a User is a Member of 52 | 53 | ``` powershell 54 | Get-ADPrincipalGroupMembership | select name 55 | Get-ADPrincipalGroupMembership -server "domain" | select name | Sort-Object -Property name 56 | ``` 57 | 58 | Add Member to an AD Group 59 | 60 | ``` powershell 61 | Add-ADGroupMember -identity "" -Member "" 62 | ``` 63 | 64 | Remove Member from an AD Group 65 | 66 | ``` powershell 67 | Remove-ADGroupMember -identity "" -Member "" 68 | ``` 69 | 70 | Find all users that are disabled 71 | 72 | ``` powershell 73 | Search-ADAccount -AccountDisabled -UsersOnly | Format-Table Name,SamAccountName ObjectClass -A 74 | ``` 75 | 76 | Find the Date/Time for When an Account Expires 77 | 78 | ``` powershell 79 | [datetime](Get-ADuser -Properties accountExpires).accountExpires 80 | ``` 81 | 82 | Find all Users with Locked Out Accounts 83 | 84 | ``` powershell 85 | Search-ADAccount -LockedOut | select name, samAccountName 86 | Search-ADAccount -LockedOut | Where-Object {$_.DistinguishedName -like "*DC=domain,DC=com"} | Select Name, LockedOut, LastLogonDate, PasswordExpired | Format-Table -AutoSize 87 | ``` 88 | 89 | Get AD User Information for List of Users and Output to CSV 90 | 91 | ``` powershell 92 | Get-Content C:\\users.txt | % {Get-ADUser -Identity $_ -properties * | select CN, samAccountName, EmployeeID, enabled, Description, Department, mlSubLobDescr, OfficePhone, Manager ,StreetAddress, LastLogonDate, LastBadPasswordAttempt, PasswordExpired} | Export-Csv C:\\user_lookup.csv 93 | ``` 94 | 95 | Get AD User Group Membership Information for List of Users and Output to CSV 96 | 97 | ``` powershell 98 | Get-Content C:\\users.txt | % {Get-ADPrincipalGroupMembership $_ | select name} | Export-Csv C:\\user_group_membership_lookup.csv 99 | ``` 100 | 101 | Get All Users of AD Groups for List of Groups and Output to CSV 102 | 103 | ``` powershell 104 | $groups = Get-Content C:\\groups.txt 105 | 106 | foreach ($group in $groups) { 107 | Get-ADGroupMember -Identity $Group | select @{Expression={$Group};Label="Group Name"},Name,SamAccountName | Export-CSV C:\\user_groups.csv -NoTypeInformation -append 108 | } 109 | ``` 110 | 111 | Get All Users of AD Groups Matching a Certain Name Format (i.e group name is like Local Admin) 112 | 113 | ``` powershell 114 | $groups = Get-ADGroup -Filter {name -like "*Admin*"} 115 | 116 | foreach ($group in $groups) 117 | { 118 | Get-ADGroupMember -Identity $Group -Server "domain" | Get-ADUser -Properties * | select @{Expression={$Group};Label="Common Name"},Name,enabled,LastLogonDate,GivenName,Surname,EmailAddress,title,department,mlSubLobDescr | Export-Csv C:\\local_admin_group.csv -NoTypeInformation -Append 119 | } 120 | ``` 121 | 122 | Find user information by AD attribute (i.e. DisplayName) 123 | 124 | ``` powershell 125 | Get-ADUser -Filter {DisplayName -like "*Bobby Administrator*"} -Properties * | Select name, DisplayName, EmailAddress, enabled, LastLogonDate, title, department, mlSubLobDescr | Format-Table -AutoSize 126 | ``` 127 | 128 | ## Computer Object Commands 129 | 130 | Find a Specific Service on a Computer using WMI 131 | 132 | ``` powershell 133 | get-wmiobject -query "SELECT * FROM Win32_Process where Name = ''" | select-object Name,CommandLine | Sort-Object -Descending Name 134 | ``` 135 | 136 | Find Computers by Operating System Type 137 | 138 | ```powershell 139 | Get-ADComputer -Filter * -Properties OperatingSystem | Select OperatingSystem -unique | Sort OperatingSystem 140 | ``` 141 | 142 | List all Servers in a Domain 143 | 144 | ``` powershell 145 | Get-ADComputer -Server "domain.com" -Filter {operatingsystem -like "*server*"} -Properties * | select enabled,name,operatingsystem,canonicalname,lastlogondate | Export-Csv C:\\computer_list.csv -Append -NoClobber 146 | ``` 147 | 148 | List all Servers in a Domain, but only return Enabled Computer Objects, and only return those logged into within the last 60 days from the current date, and only show the top 10 rows 149 | 150 | ``` powershell 151 | Get-ADComputer -Server "domain.com" -Filter {(operatingsystem -like "*server*") -and (enabled -eq "TRUE")} -Properties * | where {$_.LastLogonDate -ge (Get-Date).AddDays(-60)} | select enabled,name,operatingsystem,canonicalname,lastlogondate | Format-Table -AutoSize | select -First 10 152 | ``` 153 | 154 | Find All Domain Controllers in a Specific Domain 155 | 156 | ``` powershell 157 | Get-ADDomainController -Filter * -server | Select-Object name, domain 158 | ``` 159 | 160 | Find Out Information About a Specific Computer by Hostname 161 | 162 | ``` powershell 163 | Get-ADComputer -Filter {Name -Like ""} -Property * | Format-Table Name,ipv4address,OperatingSystem,OperatingSystemServicePack,LastLogonDate -Wrap -Auto 164 | ``` 165 | 166 | Find Host Information from TXT File of Hosts 167 | 168 | ``` powershell 169 | Get-Content C:\\file.txt | % {Get-ADComputer -Identity $_ -server -properties * | select name, ipv4address, operatingsystem, distinguishedname} | Export-Csv C:\\output.csv -Append -NoClobber 170 | ``` 171 | 172 | Get the CN and DN for each Organizational Unit in a Specific Domain 173 | 174 | ``` powershell 175 | Get-ADOrganizationalUnit -server "domain.com" -Filter * -Properties CanonicalName | Select-Object -Property CanonicalName, DistinguishedName | Sort-Object CanonicalName, ascending 176 | ``` 177 | 178 | Get All Computer Objects in a Particular OU in a Particular Domain 179 | 180 | ``` powershell 181 | Get-ADComputer -server "domain.com" -SearchBase 'OU=NA,OU=USA,OU=HQ,DC=domain,DC=com' -Filter '*' -Properties * | Select name, ipv4address, operatingsystem, CanonicalName, distinguishedname | Format-Table -AutoSize 182 | ``` 183 | 184 | Get All Computer Objects from a TXT File of OUs 185 | 186 | ``` powershell 187 | Get-Content C:\\computer_ous.txt | % {Get-ADComputer -Server "domain.com" -SearchBase $_ -Filter '*' -Properties * | Select name,ipv4address,operatingsystem,CanonicalName,distinguishedname,enabled} | Export-Csv C:\\computers_in_ous.csv -Append -NoClobber 188 | ``` 189 | List the IP address of the current machine 190 | 191 | ``` powershell 192 | $env:HostIP = ( Get-NetIPConfiguration | Where-Object { $_.IPv4DefaultGateway -ne $null -and $_.NetAdapter.Status -ne "Disconnected"}).IPv4Address.IPAddress 193 | ``` 194 | 195 | ## File Level Commands 196 | 197 | Recursively Remove Files Older than a Certain Day in a Directory 198 | 199 | ``` powershell 200 | Get-ChildItem -Path "C:\\\" -Recurse | Where-Object CreationTime -gt (Get-Date).AddDays(-180) | Remove-Item -Recurse 201 | ``` 202 | 203 | Generate a SHA256 hash of a file 204 | 205 | ``` powershell 206 | Get-FileHash "C:\\\" -Algorithm SHA256 | Select-Object -Property Hash 207 | ``` 208 | 209 | Create a new directory in the same directory as your script 210 | 211 | ``` powershell 212 | New-Item -Path ($PSScriptRoot + "directoryname") -ItemType directory | Out-Null 213 | ``` --------------------------------------------------------------------------------