PowerShell for Windows Admins

October 5, 2013  5:41 AM

Common mistakes–filtering

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Which of these should you use

Get-WmiObject -Class Win32_LogicalDisk | where DriveType -eq 3


Get-WmiObject -Class Win32_LogicalDisk -Filter {DriveType = 3}

They both give the same results after all.

Against a remote machine the first one took 640 milliseconds and the second took 245 milliseconds.

The reason for the difference is that the first command pulls back information on all logical disks – and then filters. The second on pulls back information on drive type 3 (local hard disks)

The 395 milliseconds difference doesn’t sound much and against 1 machine is negligible. No span that across hundreds or thousands of machines and you get a significant impact.

Always filter the data down as soon as you can – preferably at source.

October 3, 2013  2:00 AM

Scanning event logs

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

My post on scanning event logs on multiple machines using a workflow went live on the Scripting Guy blog yesterday –


September 29, 2013  11:23 AM

Winter Scripting Games scheduled

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The Winter Scripting Games are tentatively schedule to start 6 January 2014 & run for 4-6 weeks depending on the number of events.

See http://powershell.org/wp/2013/09/29/winter-scripting-games-tentatively-scheduled/ for latest details

September 28, 2013  3:39 AM

PowerShell too big to know

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A couple of sentences in the Scripting Guy’s post from yesterday


stuck in my mind:

“I am not certain I have ever met anyone who knows everything there is to know about Windows PowerShell. In fact, I am not certain I have ever met anyone who knows nearly everything there is to know about Windows PowerShell. “

One simple anecdote should put that in context. At the recent PowerShell summit a number of things were demonstrated that had senior members of the PowerShell team saying “I didn’t know you could do that” As an aside similar scenarios played out at the 3 PowerShell Deep Dives in 2011 & 2012.

I’ve been using PowerShell since the early betas for 1.0 & have been an MVP for 6 years and I definitely don’t know everything about PowerShell. I’m learning something new about PowerShell every day.

Think also that it took three of us to write PowerShell in Depth.

There are a whole bunch of modules in Windows 2012 & 2012 R2 I haven’t had time to paly with yet. Add in the PowerShell functionality in SharePoint, Exchange, SQL Server plus all the other Microsoft and third party products and no one can know all there is to know about PowerShell.

One of the great joys of working PowerShell is that there is always something new to learn. Sure, you’re building on what you already know but even the core PowerShell engine can bring surprises.

I’d be highly suspicious of anyone claiming to know everything about PowerShell.

September 27, 2013  11:02 AM

PowerShell Summit 2014–reasons to attend

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Microsoft’s Scripting Guy supplies a number of very compelling reasons for attending the PowerShell Summit 2014 in Seattle.


Registration details can be found here


In addition to the powershell.org you will be able to talk to MVPs, the representatives from the PowerShell team, The Scripting Guy and a whole bunch of people who use PowerShell on a daily basis and probably have the answer to that burning question.

This years’s event was brilliant – next years will be at least as good if not better.

It is the PowerShell event of the year – highly recommended

September 26, 2013  12:58 PM

Rolling back time

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

There are many situations where you want to roll the date back – checking a file’s last access time, processing event logs, checking a password expiry in AD.

Get-Date (or more accurately the underlying System.DateTime .NET class offers a number of options.

Lets say you need a date that’s 3 months in the past.

You could create it directly:

£> Get-Date -Day 26 -Month 6 -Year 2013

26 June 2013 19:41:42


£> Get-Date -Date “26 June 2013”

26 June 2013 00:00:00

Notice the difference on the times. I’m going to ignore the time portion.

Get-Date supplies a number of methods you could use:

Get-Date | Get-Member -MemberType Method


£> $ts = New-TimeSpan -Days 91
£> $ts

Days : 91
Hours : 0
Minutes : 0
Seconds : 0
Milliseconds : 0
Ticks : 78624000000000
TotalDays : 91
TotalHours : 2184
TotalMinutes : 131040
TotalSeconds : 7862400
TotalMilliseconds : 7862400000

£> (Get-Date).Add(-$ts)

27 June 2013 19:46:06

£> (Get-Date).AddDays(-$ts.Totaldays)

27 June 2013 19:46:32

£> (Get-Date).AddHours(-$ts.TotalHours)

27 June 2013 19:48:32

£> (Get-Date).AddMinutes(-$ts.TotalMinutes)

27 June 2013 19:49:07

£> (Get-Date).AddSeconds(-$ts.TotalSeconds)

27 June 2013 19:50:18

£> (Get-Date).AddMilliseconds(-$total.TotalMilliseconds)

26 September 2013 19:51:19

£> (Get-Date).AddTicks(-$total.TotalTicks)

26 September 2013 19:51:38

You can also do

£> (Get-Date).AddMonths(-3)

26 June 2013 19:52:12

£> (Get-Date).AddYears(-0.25)

26 September 2013 19:52:37

Lots of ways to solve the same problem. While you normally wouldn’t want to calculate a date 3 months in the past based on seconds or ticks the fact that you can use those values opens up other possibilities.

The [datetime] class supplies a good set of methods for manipulating dates. Knowing they are there enables you to use the most appropriate to solve your task.

September 25, 2013  2:10 AM

Server Documentation

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

No one likes documenting their servers but is a necessary job. As the start of a series on taking those first automation steps – you’ve learned PowerShell and now you want to put it to use – I have an article on the Scripting Guy blog that shows you how to get started documenting your servers



If you have any ideas for future articles in the series please leave a comment

September 23, 2013  12:26 PM

Select and List

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

There are many times when I need to do something like this:

get-Whatever | select –first 1 | format-list –property *

Normally its because I need to discover the properties on an object and see some representative data at the same time. If I just wanted the properties I could use Get-Member.

Getting tired of typing

select –first 1 | format-list –property *

Its a bit repetitive & boring I decided to look at a function to do this for me and ended up with this

function Select1FullList {
param (
Invoke-Command -ScriptBlock $scriptblock |
Select-Object -First 1 |
Format-List -Property *

New-Alias -Name sfl -Value Select1FullList

I decided on a scriptblock as input because I wasn’t sure what I’d be wanting to see. For instance

Get-mailbox | Get-mailboxstatistics

could be be my input.

I also decided to use an alias as this is a command line tool for use while I’m writing code. My feelings on aliases in scripts still stand.

Still deciding if I need to add a computername parameter to give it remoting capabilities.

Any ways its going into my profile for now & we’ll see how it works out.

September 21, 2013  5:37 AM

AD Month of Lunches–Chapt 18 & 19 in MEAP

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

An updated MEAP has been released for Active Directory Management in a Month of Lunches. This one adds chapters 18 & 19

Chapter 18, “Managing AD trusts”
Chapter 19, “Troubleshooting your AD”
The MEAP is available from www.manning.com/siddaway3


September 21, 2013  4:23 AM

PowerShell Hero

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

PowerShell.org is giving you the chance to nominate your PowerShell hero – someone how has helped you & others with their PowerShell problems.

Details from http://powershell.org/wp/2013/09/20/nominate-your-powershell-hero/

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: