..

Useful Powershell Commands

The following are PowerShell commands that I have found useful in the past (in no particular order).

  1. View log file contents in real-time
    Get-Content -Path "D:\path\to\file.txt" -Wait

  2. Filter event logs
    Get-WinEvent -FilterHashtable @{logname='system'; ProviderName='Service Control Manager'} | Where-Object {$_.Message -like '*buffer*' }

  3. Get user group membership (either SGs or DLs)
    Enable Active Directory module for Windows PowerShell in Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
    Get-ADPrincipalGroupMembership first.last | Where-Object -FilterScript {$_.GroupCategory -eq 'Security'} | select name

  4. Get user AD GUID
    Get-ADUser first.last -Properties obj*

  5. Remotely log off user
    First, check the session number with qwinsta:
    QWINSTA /server:YOURCOMPUTERNAMEHERE

    Then reference the session ID in the logoff command:
    LOGOFF YOURSESSIONIDHERE /server:YOURCOMPUTERNAMEHERE

  6. Return list of largest files
    gci -r|sort -descending -property length | select -first 50 name, @{Name="Gigabytes";Expression={[Math]::round($_.length / 1GB, 2)}},directory