Some useful PowerShell One Liners

Find Public IP address

(Invoke-RestMethod ipinfo.io/json).ip

Traceroute

tnc google.com -tr

Check if a port is open

tnc google.com -p 443

Check if a specific update is installed

Get-Hotfix|Where-Object {$_.HotfixID -match "KB5018410"}

Search for a specific file type in a directory (files over 900MB)

Get-ChildItem -Path "\\fileserver\e$\Data\Folder1" -Filter *.zip -Recurse  -ErrorAction SilentlyContinue -Force | where-object {$_.length -gt 924288000}

Time of the last reboot

(Get-CimInstance Win32_OperatingSystem).LastBootUpTime

Find time and initiating user of last system reboot

Get-EventLog -log system -newest 10000 | where-object {$_.eventid -eq '1074'} | format-table machinename, username, timegenerated -autosize

Tail a file

Get-Content ./logfile.log -Tail 5 -Wait

Display all Domain Controllers

Get-ADDomainController -Filter * -server domain.com | Select-Object name, domain

Display information about a specific computer

Get-ADComputer -Filter {Name -Like ""} -Property * | Format-Table Name,ipv4address,OperatingSystem,OperatingSystemServicePack,LastLogonDate -Wrap -Auto

Get all Name Servers in a zone

Get-DnsServerResourceRecord -ZoneName "domain.com" -ComputerName "DC" -RRType "NS" -Node

Search AD Name Server for specific Hostname entry

Get-DnsServerResourceRecord -ZoneName "domain.com" -ComputerName "DC" | where {$_.hostname -like "*gavriil*"} | ft -autosize

Search AD Name Server for specific IP Address entry

Get-DnsServerResourceRecord -ZoneName "domain.com" -ComputerName "DC" | where {$_.RecordData.Ipv4Address.IPAddressToString -contains '192.168.1.83'} | ft -autosize

Search for a user in Active Directory

Get-ADUser -Filter {name -like 'gabriel*'}

Get AD users created in the last 30 days

Get-ADUser -Filter * -Properties whenCreated, description | Where-Object {$_.whenCreated -ge ((Get-Date).AddDays(-30)).Date} |select samaccountname, description

Search all DCs for account lockout events and output to file

ipmo activedirectory;$(Get-ADDomainController -Filter  {(OperatingSystem -ne "") -and (IsReadOnly -ne "True")} | %{Get-WinEvent -ComputerName $_.name -LogName security -FilterXPath "*[System[EventID='4740']]" | Select machinename,TimeCreated,@{Label='User Name';Expression={$_.Properties[0].Value}},@{Label='Client Name';Expression={$_.Properties[1].Value}}}) | Out-File C:\lockout.txt
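
Summarise lockout events by account and client

This is an added example, not part of the original post: it groups 4740 events by locked account and client name so the machine behind repeated lockouts stands out. The function names `Get-LockoutSummary` and `New-SampleEvent` and the sample events are constructed for illustration; real input would be the `Get-WinEvent` objects from the one-liner above.

```powershell
# Added example (not from the original post); helper names are hypothetical.
function Get-LockoutSummary {
    param(
        # 4740 events from Get-WinEvent, or objects with the same properties
        [Parameter(Mandatory, ValueFromPipeline)][object[]]$InputObject,
        # Report only account/client pairs seen at least this many times
        [int]$MinCount = 2
    )
    begin { $rows = [System.Collections.Generic.List[object]]::new() }
    process {
        foreach ($e in $InputObject) {
            $rows.Add([pscustomobject]@{
                User   = [string]$e.Properties[0].Value  # 'User Name' in the one-liner
                Client = [string]$e.Properties[1].Value  # 'Client Name' in the one-liner
                Time   = [datetime]$e.TimeCreated
                DC     = $e.MachineName
            })
        }
    }
    end {
        $rows | Group-Object User, Client | Where-Object Count -ge $MinCount |
            ForEach-Object {
                # @() keeps indexing safe when a group holds a single event
                $times = @($_.Group.Time | Sort-Object)
                [pscustomobject]@{
                    User   = $_.Group[0].User
                    Client = $_.Group[0].Client
                    Count  = $_.Count
                    First  = $times[0]
                    Last   = $times[-1]
                    DCs    = ($_.Group.DC | Sort-Object -Unique) -join ','
                }
            } | Sort-Object Count -Descending
    }
}

# Constructed sample events shaped like Get-WinEvent output for event ID 4740
function New-SampleEvent($dc, $time, $user, $client) {
    [pscustomobject]@{ MachineName = $dc; TimeCreated = [datetime]$time
        Properties = @([pscustomobject]@{ Value = $user }, [pscustomobject]@{ Value = $client }) }
}
$sample = @(
    New-SampleEvent 'DC01' '2024-01-10 08:01' 'jsmith' 'WKS-014'
    New-SampleEvent 'DC02' '2024-01-10 08:17' 'jsmith' 'WKS-014'
    New-SampleEvent 'DC01' '2024-01-10 09:02' 'jsmith' 'WKS-014'
    New-SampleEvent 'DC01' '2024-01-10 03:00' 'svc-backup' 'APP-02'
    New-SampleEvent 'DC02' '2024-01-10 03:30' 'svc-backup' 'APP-02'
    New-SampleEvent 'DC02' '2024-01-10 11:45' 'adavis' 'WKS-101'
)
$sample | Get-LockoutSummary | Format-Table -AutoSize
```

With live data, drop the `Select` and `Out-File` stages from the one-liner above and pipe the `Get-WinEvent` results straight into `Get-LockoutSummary`.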