All posts by Sysop

Remoting in PowerShell


invoke-command -ComputerName (get-content C:\temp\TestComputers.txt) -ScriptBlock {get-eventlog -LogName Application -Newest 5}

invoke-command -ComputerName (get-adcomputer -filter *) -ScriptBlock {get-eventlog -LogName Application -Newest 5}

PS C:\temp> Enter-PSSession -ComputerName SGEN-TN01

[SGEN-TN01]: PS C:\Users\admin-its-tn\Documents> get-eventlog -LogName Application -Newest 5

   Index Time          EntryType   Source                 InstanceID Message                                                                                                                 

   —– —-          ———   ——                 ———- ——-                                                                                                                 

    3382 Sep 04 12:05  Information SceCli                 1073743528 Security policy in the Group policy objects has been applied successfully.                                              

    3381 Sep 04 12:05  Information gupdate                         0 The description for Event ID ‘0’ in Source ‘gupdate’ cannot be found.  The local computer may not have the necessary r…

    3380 Sep 04 10:59  Information Windows Error Rep…         1001 Fault bucket 1838438238644566740, type 5…                                                                             

    3379 Sep 04 10:35  Information gupdate                         0 The description for Event ID ‘0’ in Source ‘gupdate’ cannot be found.  The local computer may not have the necessary r…

    3378 Sep 04 10:35  0           Software Protecti…   1073742727 The Software Protection service has stopped….                                                                          

[SGEN-TN01]: PS C:\Users\admin-its-tn\Documents> Exit-PSSession

PS C:\temp> 

Returning just the value in PowerShell

This uses “-expand” or “-expanproperty”

Get-ADComputer -filter -searchbase “ou=domain controllers, dc=company,dc=primary”

…this will return a list of computer OBJECTS from the domain controllers OU.

You cannot use this command as a pipeline return….

Get-Service -computerName (Get-ADComputer -filter -searchbase “ou=domain controllers, dc=company,dc=primary”)

As “-ComputerName” is expecting a string and NOT an object. To resolve this we can use the “-expand” to extract a property……

Get-ADComputer -filter -searchbase “ou=domain controllers, dc=company,dc=primary” | Select-Object -expandproperty Name

So, this would work…..

Get-Service -computerName (Get-ADComputer -filter -searchbase “ou=domain controllers, dc=company,dc=primary” | Select-Object -expandproperty Name)

Get-Process -computerName (import-csv .\computers.csv | select-object -expandproperty hostname)

Syntax in PowerShell

Get-EventLog [-LogName] <String> [[-InstanceId] <Int64[]>] [-After <DateTime>] [-AsBaseObject] [-Before <DateTime>] [-ComputerName <String[]>] [-EntryType {Error | Information | FailureAudit | SuccessAudit | Warning}] [-Index <Int32[]>] [-Message <String>] [-Newest <Int32>] [-Source <String[]>] [-UserName <String[]>]
Get-EventLog [-AsString] [-ComputerName <String[]>] [-List] [<CommonParameters>]
  • There are two possible combinations of parameters you can’t mix between them, some commands may have more than 2 sets.
  • Anything in square brackets is optional.
  • If you omit optional parameter names then they MUST be provided in the correct order! (e.g. ‘Get-EventLog Security 10’ is shorthand for  ‘Get-EventLog -LogName Security -InstanceID 10’. ‘Get-EventLog 10 Security’ will not work as there is no Event Log called 10).
[-LogName] <String>
  • The log name is not optional as its not in square brackets but actually writing the word LogName is!
[[-InstanceId] <Int64[]>]
  • Instance ID is optional (the whole thing is in square brackets
  • Writing ‘-InstanceID’ is optional
  • InstanceID expects a 64-bit integer (-9223372036854775808 to 9223372036854775807) and the additional square brackets indicate it will accept and array or list of them
  • This is a switch, essentially a parameter without a value
  • These are a bunch of parameters available to ALL commands

Alias in PowerShell

Finding the alias of a command:

get-alias -Definition "Get-Service"

Finding the command of an alias

Get-alias gsv
Help gsv

Finding the alias of a parameter (getting the alias of the computername parameter for ‘Get-EventLog’):

(get-command get-eventlog | select -ExpandProperty parameters) .computername.aliases

Finding the parameter of an alias (getting the parameter of the -Cn alias for ‘Get-EventLog’):

get-eventlog -Cn

(this will error with the error displaying the full parameter name of the Alias)

Objects in Powershell

$List = New-Object System.Collections.Generic.List[System.Object]

foreach($User in $Users){

    ### Your processing code goes here ###

    $props = @{
        UPN = $User.User
        Type = $Type
    $object = new-object psobject -Property $props

This is my second version of this as I more often want to create custom objects in a loop as the standard properties are missing something or I want to add a value from another query.
I’ve used $Users here as my input array as that’s what I most commonly have to use.

I’ve used a list here instead of an array as they are faster. You can append to a list. To add to an array you actually have to create an array one larger than the last array, populate it with the previous values and the the one you want to add.

Further reading: