PowerShell commands commonly used by system administrators

Last week beans took part in the 2-day meeting of Microsoft TechEd Sydney. The conference consisted of more than 50 lectures, including development, architecture, and movement in 3 major directions. One of the 300-level lectures introduces some common commands for system administration. These commands, most of the beans are very familiar, here again restudying. As a system administrator, generally for long-winded scripts, various parameters, loops, judgment statements, input and output, etc. are at a respectful distance ~ But the short command line statement can still try.

Before you begin, say the two most basic commands. Get-command and help.

Get-command can search for relevant commands, and help can search for specific examples.

For example, I want to create a new virtual machine, but I don't know what the commands are, so search for it.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/AD/wKiom1RXDsawOcS-AAF69qdkuJ0113.jpg "style=" float: none; "title=" 0-1.png "alt=" Wkiom1rxdsawocs-aaf69qdkuj0113.jpg "/>

Search for a bunch of commands come out, then how to use it, look at the Help document, if you do not want to see the specific syntax, direct input-examples look at the example is good. You can then copy and paste directly to use it.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/AC/wKioL1RXDyWwj3xOAAIvTJU2PkY810.jpg "style=" float: none; "title=" 0-2.png "alt=" Wkiol1rxdywwj3xoaaivtju2pky810.jpg "/>

At the same time, 工欲善其事, its prerequisite. The help document needs to be updated to the latest version.

Updating the Help document is simple, and the input help-update will be updated.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/AC/wKiom1RXDVqT0sCnAADFMonZkJE662.jpg "title=" 0.PNG " alt= "Wkiom1rxdvqt0scnaadfmonzkje662.jpg"/>

Knowing the two most basic commands, let's take a look at the topic, more than 30 common system management operations can be implemented in PowerShell.

Network basic configuration and view:

1. The system administrator used to query the IP address is generally accustomed to use Ipconfig/all, now can be replaced with get-netipconfiguration-detailed.

   650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/A7/wKiom1RW10mii2qRAAGWZsDZSI4674.jpg "title=" 1.PNG " alt= "Wkiom1rw10mii2qraagwzsdzsi4674.jpg"/>

2. View network card information

Get-netadapter

Get-netadapterstatistics

Get-netipaddress

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/AC/wKiom1RXCdzCw-psAAD7a19GYdo674.jpg "title=" 2.PNG " alt= "Wkiom1rxcdzcw-psaad7a19gydo674.jpg"/>

3. Configure IP Address new-netipaddress

This command is typically used when initializing a configuration under Windows Core server, or with sconfig or traditional netsh interface commands

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/AC/wKioL1RXC33DtolnAABfg4XhO8c838.jpg "title=" 3.PNG " alt= "Wkiol1rxc33dtolnaabfg4xho8c838.jpg"/>

This command looks rather verbose, with more parameters, as stated above, and if you don't remember, look at the examples of help.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/AD/wKiom1RXEiCTDRmFAANGDBulEsU409.jpg "title=" 4.PNG " alt= "Wkiom1rxeictdrmfaangdbulesu409.jpg"/>

4. Configure DNS

Set-dnsclientserveraddress

Similarly, this is a common command under Server Core, and of course it can be done by Sconfig configuration or the DOS command netsh interface.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/AD/wKiom1RXEtjyK7xqAAHrWoGWWsE200.jpg "title=" 5.PNG " alt= "Wkiom1rxetjyk7xqaahrwogwwse200.jpg"/>

Network error Checking

The traditional first step in troubleshooting is to determine whether the route and port are open via Ping,tracert or Telnet. Like what

Ping 10.1.1.1

Tracert www.baidu.com

Telnet 8.8.8.8 53

PowerShell the following command has been implemented.

5. PING the remote server

Test-netconnection www.google.com

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/AC/wKioL1RXFOaghflkAAC8Yc99YjA971.jpg "style=" float: none; "title=" 6.PNG "alt=" Wkiol1rxfoaghflkaac8yc99yja971.jpg "/>

6. Telnet Port

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/AD/wKiom1RXFIjx2mBrAADBnse8IKA646.jpg "style=" float: none; "title=" 7.PNG "alt=" Wkiom1rxfijx2mbraadbnse8ika646.jpg "/>

7. Trace Path

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/AC/wKioL1RXFOfDHYyiAADr-xzjEdc875.jpg "style=" float: none; "title=" 8.PNG "alt=" Wkiol1rxfofdhyyiaadr-xzjedc875.jpg "/>

Operations for Windows Services

These operations are simple and straightforward

8. Restart the service

Restart-service

9. Get the current service

get-service| Out-gridview

Note that the output format of the Out-gridview, all the PS command is universal, you can use the results of the table character output, so that users can manually sort or add criteria (criteria), is not very simple

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/AC/wKioL1RXFh_DjZdkAAIlM_YloNY982.jpg "title=" 10.PNG "alt=" Wkiol1rxfh_djzdkaailm_ylony982.jpg "/>

10. Stop, start, configure the service

Stop-service

Start-service

Set-service

AD and domain operations, this could be the most memorable part of a Windows 2012 system administrator.

11. Computer renaming, if the operation through the graphical interface, you need to right-click on the computer, then the properties and then the Advanced property settings, and then the computer name from the can be modified from the command line directly modified, which is also initialized under the Server core settings must be, change the name, restart, and then join the domain

Rename-computer XXX

12. Restart the computer restart-computer, of course, the traditional shutdown/r/f/t I also feel good

13. Shutdown Shutdown-computer

14. Join the domain add-computer-domainname test.com

15. Repair the ad's trust relationship. This command is a very new command for the beans. Traditional if a computer cannot verify the ad, the simplest solution is to quit the domain, restart, and then rejoin the domain and restart. You can now repair it directly on your computer by executing the following command.

If executed directly, he will make a judgment, true means OK; False indicates that the ad cannot be connected, then an administrator password is required for repair

For example

Test-computersecurechannel-credential Domain\admin-repair

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/AC/wKioL1RXGEqAgrLAAAL4yYPhGNQ502.jpg "title=" 11.PNG "alt=" Wkiol1rxgeqagrlaaal4yyphgnq502.jpg "/>

16. Configure the Firewall profile

Set-netfirewallprofile

Like the simplest example, open the domain,public and private firewalls.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/AC/wKioL1RXGUjTUyWAAAC7rgQMMI8913.jpg "title=" 12.PNG "alt=" Wkiol1rxgujtuywaaac7rgqmmi8913.jpg "/>

17, configure the firewall policy, a long and long command, can not remember the words to see Help help-examples

New-netfirewallrule, can be set out and come in the request service

Like the first 80 ports that forbid all going out, in other words, not on the net.

The second one prohibits all requests from the WINS server

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/AD/wKiom1RXGY3xHLJyAAIHQKSt0Lw796.jpg "title=" 13.PNG "alt=" Wkiom1rxgy3xhljyaaihqkst0lw796.jpg "/>

18. Add roles and Features

Install-windowsfeature

For example, Windows 2012 below the default installation of. Net 3.5 is not installed, you must specify the corresponding path, of course, you can also specify the default installation path through the GPO, and then put the corresponding file in advance there is a good solution.

Install-windowfeature Net-framework-core-source D:\sources\sxs

19. Reset the ad user's password

These commands are convenient, save, and do not have to go into the ad Users and groups inside to change the password.

First, you can use converto-securestring to set an encrypted password

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/B5/wKiom1RYAuXwwob_AABWUaJ9dbQ325.jpg "style=" float: none; "title=" 23.PNG "alt=" Wkiom1ryauxwwob_aabwuaj9dbq325.jpg "/>

Then reset the password via Set-adaccountpassword. The last PassThru's purpose is to show the account information.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/B4/wKioL1RYA0XBYEzsAAFLyee7jwc024.jpg "style=" float: none; "title=" 24.PNG "alt=" Wkiol1rya0xbyezsaaflyee7jwc024.jpg "/>

You can also further, require users to change the password at the next logon

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/B5/wKiom1RYAubD1j6CAABvsExCqDg015.jpg "style=" float: none; "title=" 25.PNG "alt=" Wkiom1ryaubd1j6caabvsexcqdg015.jpg "/>

With regard to AD operations, it is certain that the FSMO configuration is not bypassed. Almost all Windows System management interviews involve this issue. Traditional configurations can be configured via the GUI or via the Ntsutil command. PowerShell provides a much simpler way.

Beans once wrote a blog specific comparison of these several ways http://beanxyz.blog.51cto.com/5570417/1313693

We're not going to go into this.

20. Locating the FSMO

The basic format is as follows

Get-adforest test.com | FT Schemamaster

Get-adforest test.com | FT Ridmaster

21. Migrating the FSMO

Move-addirectoryserveroperationmasterrole

Configure the server, and you need to open Remote Desktop.

22. Open the RDP desktop, this actually has several places to configure. The most intuitive is through sconfig, you can also modify the registry, or open the firewall policy (3389 port)

Set-itemproperty-path ' hklm:\system\currentcontrolset\control\terminal server ' =name "fdenytsconnections"-value 0

Enable-netfirewallrule-displaygroup "Remote Desktop"

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/B4/wKioL1RYBtiwhkBtAAQ6wLyst7Q517.jpg "title=" 26.PNG "alt=" Wkiol1rybtiwhkbtaaq6wlyst7q517.jpg "/>

23. View Hotfix

In general enterprises are to push the hotfix through WSUS, but sometimes the computer is not 100% can be successfully obtained. Can be judged by Get-hotfix.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/B5/wKiom1RYBvSx8L_fAAPMDqqlm6I948.jpg "title=" 27.PNG "alt=" Wkiom1rybvsx8l_faapmdqqlm6i948.jpg "/>

24. Check the password never expires account

Administrators often set their own accounts to be out of date, although we require users to reset once every 60 days. This is true for many services running accounts. How do I search for these accounts? aduc can be searched directly, and PowerShell is also available.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/B4/wKioL1RYCCDg7MbQAABBvwNxfxk008.jpg "title=" 28.PNG "alt=" Wkiol1ryccdg7mbqaabbvwnxfxk008.jpg "/>

25. Similar to the above method, we can search for accounts that have not been logged in recently, disable account, expired account, expiring account, etc.

For example, this will search for accounts that will expire within the next 6 days.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/B5/wKiom1RYCNTQwJ1FAACDYbYSTis273.jpg "title=" 29.PNG "alt=" Wkiom1rycntqwj1faacdybystis273.jpg "/>

Hyper-V virtual machines

Hyper-V is the 2012 most important new feature, after all, Microsoft's virtualization platform and the private cloud are based on this. TechEd has a special lecture to discuss how to better use PowerShell under Hper-v.

The beans used by Windows 8.1 PowerShell below have 167 commands. Meaure can return a total number of rows of records

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/AD/wKioL1RXHCvjgfFGAABuwk8THGM627.jpg "title=" 14.PNG "alt=" Wkiol1rxhcvjgffgaabuwk8thgm627.jpg "/>

So many instructions are not elaborated, probably to look at some of the most basic commands

Create a virtual machine

NEW-VM.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/B4/wKiom1RX-UThxrd7AADlMfRfXE4539.jpg "style=" float: none; "title=" 15.PNG "alt=" Wkiom1rx-uthxrd7aadlmfrfxe4539.jpg "/>

Open Hyper-V Manager to see that the virtual machine has been created

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/B4/wKioL1RX-aXhkbK3AAOfqxv-pIw750.jpg "style=" float: none; "title=" 16.PNG "alt=" Wkiol1rx-axhkbk3aaofqxv-piw750.jpg "/>

27. Configure the virtual network

After you create a virtual machine, you also need to assign a network. First look at what virtual machines are currently

Get-vm

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/B4/wKiom1RX-1vwo_Z5AACX7kn8MyQ355.jpg "style=" float: none; "title=" 17.PNG "alt=" Wkiom1rx-1vwo_z5aacx7kn8myq355.jpg "/>

On this basis, you can continue to obtain information on the virtual network card Get-vmnetworkadapter

You can see that the newly created virtual machine is not currently assigned a network

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/B4/wKioL1RX-7uB8nxNAADWP29B5cM045.jpg "style=" float: none; "title=" 18.PNG "alt=" Wkiol1rx-7ub8nxnaadwp29b5cm045.jpg "/>

Using Connect-vmnetworkadapter on this basis, you can bind the switch network.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/4D/B4/wKiom1RX-1zQQwOrAAB_MvFDCII932.jpg "style=" float: none; "title=" 19.PNG "alt=" Wkiom1rx-1zqqworaab_mvfdcii932.jpg "/>

And then verify that it's been assigned.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/B4/wKioL1RX-7yxK-KlAADhlB3XTTQ112.jpg "style=" float: none; "title=" 20.PNG "alt=" Wkiol1rx-7yxk-klaadhlb3xttq112.jpg "/>

28. Create a restore point

GET-VM | CHECKPOINT-VM can create a restore point for the specified VM

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/4D/B5/wKiom1RX_cnClvPtAADOygMb5rs436.jpg "style=" float: none; "title=" 21.PNG "alt=" Wkiom1rx_cnclvptaadoygmb5rs436.jpg "/>

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/4D/B4/wKioL1RX_inhsrgrAABzVMuOMDY006.jpg "style=" float: none; "title=" 22.PNG "alt=" Wkiol1rx_inhsrgraabzvmuomdy006.jpg "/>

This article is from the "Mapo Tofu" blog, please be sure to keep this source http://beanxyz.blog.51cto.com/5570417/1571507

PowerShell commands commonly used by system administrators