前言:
对于一个Windows server运维的管理员来说,powershell 命令至关重要,它不仅仅能够提高你的工作效率,也是你工作中的好帮手,所以应该静下心来好好学习命令,虽然一开始不太习惯用着用着你就会爱不释手。
一、AD对象日常管理
- 用户管理
例子1:统计OU下总共有多少个AD账号
(Get-ADUser -Filter * -SearchBase "OU=cn,OU=employee,dc=contoso,dc=com").count例子2:统计OU下总共有多少个是为TURE的AD用户,并且导出数据
get-aduser -searchbase 'OU=cn,OU=employee,DC=CONTOSO,DC=COM' -filter *|where {$_.enabled -eq "True"}|select name,surname|Export-Csv -Encoding Utf8 -NoTypeInformation :\aduser.txt例子3:统计某个特定OU下总共有多少个是为TURE的AD用户,并且统计总数
(get-aduser -searchbase 'OU=IT,OU=cn,OU=employee,DC=CONTOSO,DC=COM' -filter *|where {$_.enabled -eq "True"}|select name,surname).count例子4:统计OU下总共有多少个是为Flase的AD用户
Search-ADAccount -AccountDisabled -Searchbase "OU=cn,OU=employee,dc=contoso,dc=com" |select -property name|Export-Csv -Encoding Utf8 -NoTypeInformation D:\inactive_user.txt例子5:查询用户AD账号的基本属性
Get-ADUser -Identity "felic" -Properties * |Select-Object surname,name,department,EmployeeNumber,info,telephoneNumber,departmentNumber
例子6:查询用户最后修改密码的时间
Get-ADUser -Identity "" -Properties * |select name,@{N='pwdLastSet'; E={[DateTime]::FromFileTime($_.pwdLastSet)}}例子7:从 AD 获取尝试错误密码信息,并且是在最近一天的信息,导出信息以便分析
Get-ADUser -Filter * -Properties * |Select-Object AccountLockoutTime,LastBadPasswordAttemptBadPwdCount,LockedOut | Where {$_.LastBadPasswordAttempt -gt (Get-Date).AddDays(-1)} |Export-Csv -Encoding Utf8 -NoTypeInformation D:\pwdlast.csv例子8:查询此AD域内所有用户的创建日期
Get-ADuser -filter * -Properties * | Select-Object Name,SID, Created,PasswordLastSet,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}}例子9:查询OU中所有30天内未登录的AD帐号,且排除从未登录的新账号,导出分析
Get-ADUser -SearchBase "ou=employee,DC=contoso,dc=com" -filter * -Properties * |Select-Object Name,sid,Created,passwordLastSet,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.lastlogonTimestamp)}}|where{$_.lastlogondate -lt (get-date).AddDays(-30)} | Export-Csv -Encoding Utf8 -NoTypeInformation D:\inactive-aduser.csv例子10:最后登录时间以及密码输入错误时间
Get-ADUser -Identity tony.hu -Properties LastLogonDate, LastBadPasswordAttempt
- 计算机管理
例子1:查询某个OU下的computer操作系统版本,计算机名称,补丁信息,最后登录时间
Get-ADComputer -searchbase 'ou=Computer_Office,ou=Computer,dc=contoso,dc=com' -Filter * -Property * | Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion, LastLogonDate |Export-Csv -Encoding Utf8 -NoTypeInformation D:\ComputerInformation.csv例子2:查询某个Group下的computer操作系统版本,计算机名称,补丁信息
Get-ADGroupMember -Identity "GPO_USB_Allow" -Recursive |Get-ADComputer -Property * |Select-Object Name,OperatingSystem,OperatingSystemServicePack,OperatingSystemVersion | Export-Csv -Encoding Utf8 -NoTypeInformation D:\GPO_USB_Allow.csv- 用户组管理
例子1:过滤某个group下的用户属性
Get-ADGroupMember -Identity "groupname" -Recursive | Get-ADUser -Properties Mail | Select-Object Name,Mail |Export-Csv -Encoding Utf8 -NoTypeInformation d:\groupdetail.csv例子2:过滤某个OU下的群组,并且是通讯组
Get-ADGroup -Filter 'groupcategory -eq "distribution"' -SearchScope Subtree -SearchBase "OU=cn_group_it,OU=cn,DC=contoso,DC=com"|Select-Object name |Export-csv -Encoding Utf8 -NoTypeInformation D:\groupinfo.csv二、计算机管理
- 查看磁盘信息:可以直接粘贴运行,当然也可以写成PS1来执行
$DiskCount = ((Get-WmiObject -Class Win32_DiskDrive).Caption).count
#获取磁盘分区大小
$DiskInfo = Get-WmiObject -Class Win32_LogicalDisk
echo "--------------------统计磁盘分区状况-------------------------"
echo " 驱动器号 分区空间 可用空间 文件系统 "
foreach ($Drivers in $DiskInfo)
{
$PartitionID = $Drivers.DeviceID
$PartitionSize = "{0:N2}GB" -f ($Drivers.Size/1GB)
$PartitionFreeSize = "{0:N2}GB" -f ($Drivers.FreeSpace/1GB)
$PartitionFS = $Drivers.FileSystem
echo " $PartitionID $PartitionSize $PartitionFreeSize $PartitionFS "
}
- 查询网络信息
获取网卡信息:
Get-NetAdapter
关闭网卡:
Disable-NetAdapter -Name "Embedded LOM 1 Port 3"
开启网卡:
enable-NetAdapter -Name "Embedded LOM 1 Port 4"- 获取计算机开机时间:可以直接粘贴运行,当然也可以写成PS1来执行
$RunTime = (Get-WmiObject -Class Win32_OperatingSystem -Namespace root\CIMV2).lastbootuptime
$Year = $RunTime.Substring(0,4)
$Month = $Runtime.Substring(4,2)
$Day = $Runtime.Substring(6,2)
$Hour = $Runtime.Substring(8,2)
$Min = $Runtime.Substring(10,2)
$Sec = $Runtime.Substring(12,2)
$RunTimeS = $Year + "-" + $Month + "-" + $Day + " " + $Hour + ":" + $Min + ":" + $Sec
$StartTime = [system.Convert]::ToDateTime($RunTimeS)
Write-Host "System start time:"$StartTime
- 获取本机的内存
gwmi Win32_PhysicalMemory | %{$sum = 0} { $sum += $_.Capacity } {Write-Host ($sum / 1GB) "GB"}- 远程管理计算机 (需要以管理员身份运行powershell)
Enable-PSRemoting
Set-Item wsman:\localhost\Client\TrustedHosts -value 192.168.0.100
Enter-PSSession 192.168.0.100 -Credential contoso\admincn扩展一下:写一个脚本自动化去检查192.168.0.100上的硬盘容量,无需登录操作,当然还可以发散思维
Function Get-DomainCredential()
{
$domain=Get-DomainName
$username = "$domain\admincn"
$password = "Pa55w.rd!"
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
return $cred
}
##################自动打开远程#################################################################
$username = "contoso\admincn"
$password = "Pa55w.rd!"
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList @($username,(ConvertTo-SecureString -String $password -AsPlainText -Force))
Enable-PSRemoting -Force
Enter-PSSession 192.168.0.100 -Credential $cred
$startFolder = "E:\"
$colItems = (Get-ChildItem $startFolder | Where-Object {$_.PSIsContainer -eq $True} | Sort-Object)
foreach ($i in $colItems)
{
$subFolderItems = (Get-ChildItem $i.FullName -recurse | Measure-Object -property length -sum)
$FileSize="{0:N2}" -f ($subFolderItems.sum / 1GB)
$Unit='GB'
if($FileSize -lt 1)
{
$FileSize="{0:N2}" -f ($subFolderItems.sum / 1MB)
$Unit='MB'
}
write-host $i.FullName ' -- ' $FileSize $Unit -fore green
}三、管理计算机的日志
- 获取本机的安全日志
Get-HotFix | Where-Object {$_.Description -eq "Security Update"}|Export-Csv -Encoding Utf8 -NoTypeInformation D:\Securitylog.csv
- 获取Application、Security 事件最近10条信息
Get-EventLog Application -ComputerName 'server01','server02' -newest 10
Get-EventLog Application -ComputerName 'server01','server02' -newest 10
- 获取日志:通过文本方式,需要先提前把你需要的计算机名称写入到list.txt文本中
Get-EventLog Application -ComputerName (Get-Content d:\list.txt) -newest 10 |Export-Csv -Encoding Utf8 -NoTypeInformation D:\Applicationlog.csv- 使用帮助来获取例子
help Get-EventLog -Examples
好了,先就记录到这里,到点了,休息了。