Qamba Knowledge Base
PowerShell Commands for IT Helpdesk Staff
Please Note:
Unlike many of the articles on this site, this article is written for “IT people” and relates to technical subject matter.
Only follow the below info if suitable to your specific situation and you understand and accept all risk.
Powershell’s not just for System Administrators, Software Developers, Scripters or those who manage your RMM tools. It can and should be used to make helpdesks & service desk staff more efficient.
You don’t need to know how to write complex scripts or read “PowerShell in a month of lunches” to start gaining benefits of PowerShell. You just need to know and try out a few simple commands that can save a lot of time compared to going through the graphical user interface. You can collect useful commands in a note or template out changes before they are requires and simply paste the command into PowerShell.
The below commands will need to be run on a server that relates to what you are doing, running Active directory commands on a server that is not a domain controller won’t work. Also some command may need you to run PowerShell as admin, depending if they need that level of permission or not.
Active Directory Commands
Check to See if a users account is expired or locked out:Search-ADAccount -PasswordExpired
Search-ADAccount -LockedOut
The above will quickly list all account that have passwords expired or locked out, so you can quickly know if that’s t
he issue or not
Unlock an Account:Unlock-ADaccount -identity "USERNAME"
Replace username with the username of the account you are targeting.
Unlock multiple accounts:search-adaccount -lockedout | out-gridview -passthru | unlock-adaccount
This will display all locked out accounts in a nice list, you can then apply a filter and any remaining accounts will be unlocked once you press ok.
Reset a Password:Set-ADAccountPassword USERNAME -NewPassword (Read-Host "Enter the new password" -AsSecureString) –Reset
Reset a password and force user to set a new one on next login, this will prompt you for the password, replace USERNAME with the user you want to target. Remove the -reset if you don’t want to force the user to change the password on their next logon.
Sync Account changes in Active Directory with Azure AD : Start-ADSyncSyncCycle -PolicyType Delta
Sick of waiting for a password change or newly created account to sync up with your Microsoft 365 tenancy. Run this to start the sync straight away instead of the usual once every 30 minutes delay.
Add a user to a Active Directory Group:Add-ADGroupMember -Identity 'GROUPNAME' -Members 'USERNAME','USERNAME2'
Replace Groupname and Usernames, you can add extra users by adding a comma and then listing multiple users.
Software Documentation
Remove all TeamViewer installs, you can change this to other software instead of TeamViewer but not all support this uninstall method, and make sure to test.Get-WmiObject -Class Win32_Product -Filter "Vendor LIKE 'TeamViewer' " | Foreach { ($_).uninstall() }
List all Installed 32bit software:Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate
List all Installed 64bit software:Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Where-Object Displayname -notlike ""
List all installed software:$Software_List = @(); $Software_List += Get-ItemProperty HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate; $Software_List += Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate ; $Software_List
List all installed AppXpackages for all UsersGet-AppxPackage -AllUsers
Local Computer Commands
List all local user accounts:Get-LocalUser
Get useful info on Computer:get-ComputerInfo
Same as above but with less details:Get-ComputerInfo CsName,WindowsProductName,CsDomain,CsProcessors,LogonServer,OsVersion,BiosReleaseDate
Download a file from a known URL to C:\temp\ and Rename it:Invoke-WebRequest 'https://www.dropbox.com/download?os=win' -OutFile 'c:\temp\DropboxInstaller.exe'
Empty Recycling Bin for C:Clear-RecycleBin -force -driveletter C
List Important Computer Information:Get-computerinfo
Get printer information:Get-Printer
Rename a computer and restart it:Rename-Computer -newname DESKTOPNAMEHERE -Restart
Restart the Print Spoolter Service:Restart-Service -Name Spooler
Restart a computer or shut it down Restart-Computer
Stop-Computer
Force an immediate restart:Restart-Computer -Force
List all processes that contain a specific word.get-process | where-object name -like "*word*"
Replace the text ‘word’ to what you are looking for.
Stop all process that contain a specific work (be careful with this command):get-process | where-object name -like "*word*" | stop-process
Strongly recommend you run the command without the ‘| stop-process’ part first to confirm what will be stopped.
Find all file paths longer than 220 characters in current folder (Use set-location (or ‘cd’) to select the folder first)
(get-Childitem -Recurse).fullname | Where-Object length -gt 220
Event log commands
Find reason for unexpected shutdown on a serverGet-EventLog -LogName system -Source user32 | Select-Object TimeGenerated, Message | Sort-Object message
Get the last 100 events in the system logGet-EventLog -LogName system -Newest 100
Networking Commands
Test basic connectivity to a device or the internetTest-connection google.com
Test-connection 10.1.1.1
Clear DNS CacheClear-DnsClientCache
Check if domain computers domain trust is working, and repair it.Test-ComputerSecureChannel
Repair domain computers domain trust.
Test-ComputerSecureChannel -Repair
Check if an outbound port is openTest-NetConnection -Port 80
Getting the Output
You can combine multiple PowerShell commands to format the output or place it in a file (or your clipboard).
Add the following to any PowerShell command with an text output to save even more time:
Put the output into the clipboard| Clip
E.g. get-printer | clip
This will mean you don’t need to highlight and copy the output, PowerShell will put it straight into your clipboard.
Format the output as a List or a table| Format-List
| Format-Table
e.g. Get-Printers | Format-List
This will change how the output is formatted, most commands will show either a list or a table, you can use this to reformat it.
Save output to a file| Out-FIle C:\temp\PowershellOutput.txt
e.g. Get-Service | Out-FIle C:\temp\PowershellOutput.txt
Will save the output to a file.
View the Output in filterable and sortable list| Out-Gridview
e.g. Get-Service | Out-Gridview