The server rebooted recently – who did it and when exactly?

Event ID 1074 covers a few activities beyond reboots, such as shutdown

Get-EventLog -log system –newest 1000 | where-object {$_.eventid –eq ‘1074’} | format-table machinename, username, timegenerated –autosize

Query a remote system:

Get-WinEvent -LogName System -maxevent 3 -FilterXPath ‘*[System[(EventID=1074)]]’ -ComputerName WIN8-DOT1 | format-table machinename, userid, timecreated –autosize

Parse a list of system names:

Get-Content c:\serverlist.txt | ForEach-Object {Get-WinEvent -LogName System -maxevent 3 -FilterXPath ‘*[System[(EventID=1074)]]’ –ComputerName $_} | format-table machinename, userid, timecreated –autosize

Is there an easy way to see if KB2862152 is installed?

  • From the local system itself:
    • Get-Hotfix -id kb2862152

If the patch is installed, you’ll get a nice formatted output of where/what/who/when:

  • Query a remote system:
    • Get-Hotfix –id kb2862152 –computername WS2008R2-DC01
  • Parse a handful of system names:
    • Get-Hotfix –id kb2862152 -computername WS2012R2-DC01,WIN8-DOT1| Out-Gridview –Title “KB2862152 Status”

     

I need to backup all of the GPOs in the domain every day

  • Create a Scheduled Task in each domain that runs the following:
    • Backup-GPO –all –path \\AdminServer\GPO-Backups

What are the IP settings on my system(s)?

  • From the local system itself
    • Get-WMIobject win32_networkadapterconfiguration | where {$_.IPEnabled -eq “True”} | Select-Object pscomputername,ipaddress,defaultipgateway,ipsubnet,dnsserversearchorder,winsprimaryserver | format-Table -Auto
  • Query a remote system
    • Get-WMIobject –computername WS2008-DC01 win32_networkadapterconfiguration | where {$_.IPEnabled -eq “True”}| Select-Object pscomputername,ipaddress,defaultipgateway,ipsubnet,dnsserversearchorder,winsprimaryserver | format-Table –Auto
  • Parse a list of system names and use Get-CIMInstance – a newer CMDlet and faster than Get-WMIObject
    • Get-CIMInstance Win32_NetworkAdapterConfiguration -Filter ‘IPEnabled = true’ -ComputerName (Get-Content C:\SERVERLIST.TXT) | Select-Object pscomputername,ipaddress,defaultipgateway,ipsubnet,dnsserversearchorder,winsprimaryserver | Format-Table -AutoSize | out-file c:\IPSettings.txt

 

What are the BIOS versions on my systems?

  • From the local system itself:
    • Get-WMIobject win32_bios | Select-Object pscomputername,name
  • Query a remote system
    • Get-WMIobject -computername WS2008R2-DC01 win32_bios| Select-Object pscomputername,name
  • Parse a list of system names
    • Get-Content c:\serverlist.txt | Foreach-Object {Get-WMIobject -computername $_ win32_bios}| Out-Gridview
    • Or another way…
    • Get-WMIobject -computername (Get-Content c:\serverlist.txt) win32_bios | Select-Object pscomputername,name| out-file c:\BIOSversions.txt

A few more …

  • Are all of my DCs GCs?
    • Get-AdDomainController -Filter * | Select hostname,isglobalcatalog | Format-table -auto
  • Which accounts in my domain are enabled and set to never expire the password?
    • Search-ADAccount -PasswordNeverExpires | Select-Object Name, Enabled | convertto-html > c:\pwdneverexpire.html
  • How can I parse an input file of some AD attribute for users (SAM Account name in this case) and map those entries to another attribute for those users (the DN in this case)?
    • Get-Content C:\userlist.csv | foreach {Get-ADuser $_ | select distinguishedname,samaccountname}| export-csv –path c:\newuserlist.csv
  • What is the OS version and Service Pack level for all of my Windows systems in a certain OU?
    • Get-ADComputer -SearchScope Subtree -SearchBase “OU=PCs,DC=DOMAIN,DC=LAB” –Filter {OperatingSystem -Like “Windows*”} -Property * | Format-Table Name, OperatingSystem, OperatingSystemServicePack
  • Stop and/or Start all of your lab VMs
    • Get-VM | Stop-VM
    • Get-VM | Start-VM