Skip to content

PowerShell Commands

Active Directory

# Get user details
Get-ADUser -Identity username -Properties *

# Search users by name
Get-ADUser -Filter {Name -like "*Smith*"} | Select-Object Name, SamAccountName, Enabled

# Unlock a user account
Unlock-ADAccount -Identity username

# Reset password and force change at next logon
Set-ADAccountPassword -Identity username -Reset -NewPassword (Read-Host -AsSecureString)
Set-ADUser -Identity username -ChangePasswordAtLogon $true

# Get group members
Get-ADGroupMember -Identity "Group Name" | Select-Object Name, SamAccountName

# Add user to group
Add-ADGroupMember -Identity "Group Name" -Members username

# Get computers not logged in for 90+ days
$cutoff = (Get-Date).AddDays(-90)
Get-ADComputer -Filter {LastLogonDate -lt $cutoff} -Properties LastLogonDate |
    Select-Object Name, LastLogonDate | Sort-Object LastLogonDate

Microsoft Graph / Exchange Online

# Connect to Exchange Online
Connect-ExchangeOnline -UserPrincipalName admin@domain.com

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "User.Read.All","Group.ReadWrite.All"

# Connect to Azure AD (Entra ID)
Connect-MgGraph -TenantId "tenant-id" -Scopes "Directory.ReadWrite.All"

# Get all licensed users
Get-MgUser -Filter "assignedLicenses/`$count ne 0" -ConsistencyLevel eventual -CountVariable licCount -All |
    Select-Object DisplayName, UserPrincipalName, AccountEnabled

File & Storage

# Get folder sizes
Get-ChildItem -Path C:\Logs -Directory |
    ForEach-Object {
        $size = (Get-ChildItem $_.FullName -Recurse -File | Measure-Object Length -Sum).Sum
        [PSCustomObject]@{ Folder = $_.Name; SizeMB = [math]::Round($size/1MB, 2) }
    } | Sort-Object SizeMB -Descending

# Find files modified in last 24 hours
Get-ChildItem -Path C:\Logs -Recurse -File |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddHours(-24) }

# Bulk rename files
Get-ChildItem -Path . -Filter "*.txt" |
    Rename-Item -NewName { $_.Name -replace "old", "new" }

Network

# Test port connectivity
Test-NetConnection -ComputerName server.domain.com -Port 443

# Get network adapters
Get-NetAdapter | Where-Object { $_.Status -eq "Up" }

# Get IP addresses
Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.PrefixOrigin -ne "WellKnown" }

# Resolve DNS
Resolve-DnsName google.com -Type A

System

# Get installed software
Get-Package | Select-Object Name, Version | Sort-Object Name

# Check pending reboots
$reboot = $false
if (Test-Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending") { $reboot = $true }
if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations") { $reboot = $true }
Write-Output "Reboot pending: $reboot"

# Get last boot time
(Get-Date) - (gcim Win32_OperatingSystem).LastBootUpTime

# Check disk health
Get-PhysicalDisk | Select-Object FriendlyName, HealthStatus, OperationalStatus, Size

Useful One-Liners

# Export AD users to CSV
Get-ADUser -Filter * -Properties DisplayName,EmailAddress,Department |
    Select-Object Name,DisplayName,EmailAddress,Department |
    Export-Csv -Path .\users.csv -NoTypeInformation

# Find large files > 500MB
Get-ChildItem -Path C:\ -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Length -gt 500MB } |
    Select-Object FullName, @{N="SizeMB";E={[math]::Round($_.Length/1MB,2)}} |
    Sort-Object SizeMB -Descending

# Get uptime of remote machines
$servers = "server1","server2","server3"
$servers | ForEach-Object {
    $os = Get-CimInstance -ComputerName $_ -ClassName Win32_OperatingSystem
    [PSCustomObject]@{ Server = $_; Uptime = (Get-Date) - $os.LastBootUpTime }
}