What is Windows PowerShell?
Windows PowerShell is an object-oriented scripting language built over a .NET Framework for use in Windows environments. It is mainly used for performing management and reporting operations, and also automating administration tasks across multiple platforms and applications including the Windows OS. This is a handy PowerShell guide for beginners trying to learn PowerShell.
Did you know? / PowerShell - a quick history
Pre-2002 - Automation and integration scripting tools were pretty much non-existent. IT admins had to use multiple tools and languages, like DOS Shell, VBScript, and Windows Basic scripting to manage their Windows environments.
2002 - Jeffrey Snover publishes the Monad Manifesto, in which he introduces Monad as the "next generation platform for administrative automation".
PowerShell has since been fine-tuned multiple times over almost two decades to its current version, PowerShell 7.0.
How does Windows PowerShell make AD management and reporting easier?
PowerShell adds an element of ease, efficiency and flexibility to the traditional Windows Command Prompt. It is often the tool of choice for integrating administration tasks across different applications in the Windows environment. In fact, it comes bundled with all Windows OS versions released after Windows Server 2008, cutting down the hassle of installing it separately. As it supports .NET objects and can access all .NET libraries, it can also work with scripting languages like C# or Visual Basic, to name a few. This PowerShell tutorial requires little knowledge of programming and is beginner friendly.
Dummies hack: ADManager Plus provides a simple and user-friendly GUI that accomplishes crucial Active Directory, Exchange, and Office 365 (Microsoft 365) administrative tasks easier and more efficiently than running PowerShell's complex scripts. Try it for free now!
How do you launch PowerShell?
The most common question that many PowerShell beginners have is "How to launch PowerShell?" PowerShell comes pre-installed in recent versions of Windows OS. Follow these steps to launch it:
- Search for Windows PowerShell in the start menu.
- Click on the application, and select Run as Administrator as shown in the following image to launch it.
- If you have an earlier version installed and want to upgrade Windows PowerShell to its latest version, click here.
In the image above you can also see another result, Windows PowerShell ISE has popped up. Wonder what that is? Read on to learn about PowerShell vs PowerShell ISE!
What is Windows PowerShell ISE?
Windows PowerShell ISE is an integrated scripting environment. It is the default editor for PowerShell, and is useful for for running and testing code, and debugging and fixing errors. This host application also contains a list of cmdlets and common modules used by system administrators.
Fun fact: The PowerShell ISE is highly customizable and enables users to pick the color scheme for fonts!
What is a cmdlet in PowerShell?
PowerShell cmdlets return a Microsoft .NET object when executed. A cmdlet is a single command that is executed in a PowerShell pipeline. They are diverse and include binary (C#) cmdlets, advanced script functions, workflows and CDXML. The cmdlets are always in the verb-noun format. For example, Get-Help is a cmdlet used for invoking help about PowerShell topics or commands.
Wait, this sounds like a command. Are cmdlets the same as commands?
The PowerShell cmdlets are a lightweight version of PowerShell commands, but they are different from traditionally used commands in other command-shell environments. Unlike commands, the cmdlets cannot be executed separately. Similarly, cmdlets do not handle parsing or output formatting. Since cmdlets are record-oriented, they usually process one object at a time.
How do you use a cmdlet in PowerShell?
The Get-Help cmdlet is an important and useful cmdlet for anyone starting to learn about PowerShell. This cmdlets helps you learn about the other cmdlets used in PowerShell. Let's see how it works.
Launch PowerShell and enter "Get-Help" as shown in the image below.
Press Enter, and you'll see an output like this:
If you would like to learn about any particular cmdlet, instead of all the cmdlets available, use the syntax, "Get-help <cmdlet name>". For example, if want to receive information about the cmdlet used for creating new items, i.e "New-Item", enter the cmdlet as shown in this image:
Try these too:
You can try other cmdlets, like Get-Service which returns a list of all services installed in the machine.
The Get-Command cmdlet returns an exhaustive list of all commands, cmdlets, aliases, functions, filters, scripts, and applications.
What is a PowerShell script and how do you execute one?
A PowerShell script is usually saved as a .ps1 file. By default, Windows protects your machine by preventing it from running malicious scripts, and it views a .ps1 file as malicious. However, you can run a .ps1 file by right-clicking on it, and selecting "Run with PowerShell". If your policy setting is "Restricted", you might not be able to run the script until you change the .ps1 file to "Unrestricted". Follow these steps to determine and to change your policy settings:
- Launch PowerShell as the administrator.
- Run the "Get-ExecutionPolicy" command. It will return information about the default execution policy as shown in this image.
- To change the execution policy, run the command "Set-ExecutionPolicy <Policy name>". For example, if you want to change the execution setting to "Unrestricted", the command would be:
Policy Name Description Restricted No scripts are allowed to run. This is the default setting. All Signed Only the scripts signed by a trusted developer are allowed to run. Remote Signed Locally created scripts are allowed to run. Remotely created scripts are allowed to run only if signed by a trusted developer. Unrestricted Any script can be run without restrictions.
You can also run the PowerShell script from cmd by entering the full path of the PowerShell script, for example "C:\PS\samplescript.ps1".
Components that make up a PowerShell script
A PowerShell script is composed of many diverse elements. You can use these elements to create your own custom cmdlets.
The PowerShell parameters follow the hyphen after each cmdlet. Each cmdlet can have several parameters representing different functions. For example,when you use the cmdlet,
Get-Service -Name T*
the asterisk (*) serves as a wildcard so that all services that start with the letter T will be displayed. In this example, "Name" is the parameter.
Fun fact: When you use the PowerShell ISE, it automatically lists all compatible parameters after you type the hyphen next to a cmdlet. Try it!
Aliases are shortened cmdlet names. For example, you can use the "Help" (alias) in place of the "Get-Help" cmdlet. Each will return the same result as shown in the images below.
PowerShell comments are used in the same sense as comments in any other scripting language. They are useful for the people who use the script to better understand its purpose. A hash(#) symbol precedes the comments in PowerShell scripts.
Pipes are used for allowing data to flow from one cmdlet to another. For example, you can use two different cmdlets to list all services, and then sort them in a particular order, or list and sort them at once using pipes. The following example sorts the services in order of their names.
Get-Service | Sort-Object -Property Name
A PowerShell variable is a block of memory used for storing values. PowerShell variables are specified with a "$" symbol in the beginning, followed by variable name and an "=" symbol, followed by values. The name of a variable can range from numbers to alphabets, and even include underscores. These non-case-sensitive variables are object based and not text-based.
$<variable name> = "<variable value>"
A PowerShell array is a data structure which contains a set of elements or objects arranged in a sequential and numbered order. Arrays can contain one or more items. The item can be a string, integer, object, another array, or a combination of all these. The index for these items starts at 0 (zero), followed by 1, 2... and so forth.
= @('<value1>','<value2>'...'<value n>')
PowerShell scripts for Active Directory management
The PowerShell cmdlets for managing Active Directory (AD) are available in the "Active Directory module for PowerShell" module that can be launched from the start menu. If it is not installed, you can install it from these links for Windows 10, Windows 8.1, Windows 8 or Windows 7.
The PowerShell commands for AD help you to manage AD objects with ease. There are many AD administration tasks which are performed efficiently with PowerShell Active Directory scripts.
- Active Directory (AD) management
- Create AD user
- Import users to AD
- Add a new user to an AD domain
- Enable an AD user account
- Disable an AD user account
- Modify AD user's attributes
- Delete an AD user account
- Add proxy address to AD user accounts
- Remove users from AD groups
- Set expiration date for AD accounts
- Modify AD user account's control settings
- Unlock AD user account
- Perform cleanup of inactive AD users
- Computer management
- Organizational Unit (OU) management
- Group Policy Object (GPO) management
- Password management
- Folder access management
- Group management
- Exchange management
- Microsoft 365 (Office 365) management
- Active Directory reporting
Reports on Active Directory users
- Get a list of all AD users
- Get a list of all active or inactive AD users
- Get a list of enabled AD users
- Get a list of disabled AD users
- Get a list of AD acounts' status
- Get a list of locked out AD user accounts
- Get a list of account expired users
- Get a list of user acounts' last logon time
- Get a list of AD users' accounts that never expire
- Get a list of AD users based on specific criteria
- Get a list of AD users with their managers
- Get a list of AD users with their sAMAccountname
- Get a list of AD users from desired Organizational Units
- Get a list of AD users with their display names
- Get a list of users belonging to a specific department
- Get a list of AD users with empty attributes
- Get a list of AD users with a specific Common Name (CN)
- Reports on computer objects
- Reports on Group Policy Objects
- Reports based on password settings
- Reports on Exchange Online distribution groups
- Reports based on folder access
- Reports on Organizational Units (OUs)
- Reports on Active Directory groups
- Reports on Microsoft 365 (Office 365)