PowerShell for Windows Admins

September 4, 2013  2:26 PM

Integer sizes save the day

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I was looking to convert some string data into integers – the data was bytes & I needed it in GB. The value I needed was buried in the middle of a string so I needed to do some string processing. Some other conditions forced me to use the Parse method of the integer class

Lets say I get a number like 2147483169 back in the data & I need to divide by 1gb

£> [int]::Parse(“2147483169”) / 1gb

I’ve put the string value directly in here rather than the complicated string processing I was actually using.

The point came when I realised that I could have much bigger numbers than 2Gb so what was the maximum I could work with

£> [int]::maxValue
£> [int]::maxValue / 1gb

OK thats not enough. The standard [int] is 32bits & I know its big brother has 64 bits so how big is big brother

£> [int64]::maxValue
£> [int64]::maxValue / 1gb

That’s more than big enough so I went with 64 bit integers.

This isn’t just a developer type thing because I was working with Exchange mail box sizes. So the moral of the story is to think about the possible values you’ll see in you data while you are coding to avoid errors or failure when you are running the script.

September 3, 2013  2:24 PM

Import and Export PSSession

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A couple of comdlets that I’ve not really used much before have just come into prominance for me to solve a problem I’ve been working on. These cmdlets are:


The two cmdlets work with commands in a remote session but have subtle differences in terms of what they actually do.


This cmdlet imports commands (cmdlets, functions and aliases) from a PSsession on a remote (or local) machine into your current PowerShell session. You must have a remoting session open to the machine from which you want to import and that session must remain open while you are using the commands.

A temporary module is created to hold the imported commands. when you close PowerShell it is removed. Each command has an –AsJob parameter added.

The commands are imported into your session as functions and rely on remoting to access the remote machine. This means that you get inert objects back exactly as if you had run the command on the remote machine through a remoting session.


This cmdlet imports commands from a Powershell remotign session BUT it saves them as a module on your local machine. You have to then import the module to use the commands. You will need a remoting session the remote machine for the module to work – Powershell will create it for you when you import the module if one doesn’t exist.

The advantage is that you are importing a local module which should be faster than using import-pssession each time.

September 2, 2013  3:28 PM

Get-Alias surprise

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

On the principle that any day on which you learn something new is not a complete waste I stumbled over this today:

Get-Alias has a –definition parameter

I’d always done this

Get-Alias | where Definition -eq ‘select-string’

now I can save some typing

get-alias -Definition ‘select-string’


September 2, 2013  11:29 AM

Winter Scripting Games–maybe?

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Did you enjoy the Summer Scripting Games? Do you want more?

We are exploring the possibility of running a Winter Scripting Games – see http://powershell.org/wp/forums/topic/winter-games-2013/

This will be a team event (minimum of 2) that would run late this year or early next year.


Add a comment with your thoughts on the process and the timing to the thread at the above URL

September 1, 2013  1:56 PM

Get-Command trick

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A useful trick with Get-Command. Use the –ListImported parameter

Get-Command -ListImported -CommandType cmdlet

shows the cmdlets imported into your session

Get-Command -ListImported -CommandType function

shows the functions imported into your session

Get-Command –ListImported

shows cmdlets and functions

useful for knowing what you’ve imported against what’s available

September 1, 2013  4:57 AM

Find the key of a WMI class

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

At least one property of a WMI class will be marked as a key. This information is held in the property Qualifiers which is a collection of data. The key is needed if you need to create an instance of the class. I’ve shown how to find the key with Get-WmiObject before but not with the new CIM cmdlets.

Its actually easier with the CIM cmdlets

$class = Get-CimClass -ClassName Win32_Process

foreach ($property in $class.CimClassProperties) {

$property | select -ExpandProperty Qualifiers |
foreach {
if ($_.Name -eq ‘key’){


Get the CIM class. Iterate over the properties and expand the Qualifiers of the property. Check the names of the qualifiers for key & when you find it print out the property data

August 31, 2013  2:18 PM

Server Core Module

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

On a Windows Server 2012 system you will find a ServerCore module with two cmdlets


On a full GUI system the cmdlets work

PS> Get-DisplayResolution

And thats it! Not a lot but it shows the basic information

You set the resolution like this
Set-DisplayResolution -Width 1366 -Height 768

If you look in the functions both actually call the setres command!

August 31, 2013  8:21 AM

Third Age of PowerShell

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

We’re now firmly in the Third Age of PowerShell.

The First Age covered the betas and PowerShell 1.0

PowerShell was adopted by developers and admins (with a scripting background) that saw the need for better automation tools and went looking for them. Information was sketchy, and every new discovery of how to do something generated a blog post.

Exchange 2007 relied on PowerShell for some activities but most admins only used it when they had to and in a very begrudging way. The moans about functionality that was only available through PowerShell went on & on

while ($true){
Write-Host “Why can’t I use the GUI”

PowerShell was very niche with a relatively small number of (very vocal) supporters and was viewed as something that had to be used rather than a tool admins were comfortable with.

The Second Age started with the release of Windows Server 2008 R2 and PowerShell 2.0

Many of the functionality gaps were filled and PowerShell came of age. Microsoft made PowerShell support mandatory for all products – some did it better than others which is still true to day.

Admins began to sit up and take notice as the body of information grew. Blogs began to die away though which is a shame in many ways.

The Scripting Games cut over to being PowerShell only.

The start of the Third Age is defined by the release of PowerShell 3.0 and Windows Server 2012. The amount of PowerShell functionality has gone through the roof – there are still bits of the PowerShell functionality in Server 2012 I haven’t touched.

Admins are beginning to embrace PowerShell. The last 12 months or so I’ve heard a lot of statements that start “I can use PowerShell to do that..”

PowerShell is here to stay and its a must learn technology. The self-proclaimed industry experts are now jumping on the bandwagon and pushing PowerShell as if they invented it.

So where do we go from here.

PowerShell 4.0 will be with us in October with the availability of Server 2012 R2. It has some evolutionary features but I don’t think there’s anything revolutionary.

We’ll still be in the Third Age.

The Fourth Age will start when the majority of admins use PowerShell as a matter of course and you can’t really work on the Windows platform without it.

Come on Microsoft – Make my day & remove the GUI permanently from Windows Server.

August 31, 2013  6:16 AM

Travelling devices

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Disclaimer: The following is based on my personal experiences and needs that may well not match yours. Feel free to disagree with my conclusions. I offer my insights to help others decide on the devices that suit them.

I’ve been using a number of devices over the last six months or so and found they all have problems. They have seemed to settle into niches though.

Microsoft Surface RT.

The great thing about this is that it has the Microsoft Office installed. Complete versions of Word, Excel, PowerPoint and OneNote. The email client is reasonable – its the standard Windows 8 mail app. It also shares settings with my other Windows 8 devices. And best of all it has PowerShell installed. PowerShell is constrained and restricted but it is very useful. The fact that it has a full size USB port makes movign files between devices very easy. The stand is a brilliant idea that makes using it on a desk much more comfortable.

The aspect ratio is 16:9 rather than the more common 4:3 which makes using it as a reader a bit awkward. Its also too big to be used comfortably as an e-reader.

Mainly used for meetings, conferences and writing while travelling. I’ve written several chapters of my latest book on it and though the touch keyboard isn’t brilliant it is more than usable.

Number 1 choice for working.

Kindle Fire HD

This is my device of choice if I’m on holiday. Very good size as an e-reader and good email client. The apps are OK but the screen is too small to work on documents except for a quick skim read. The web browser is fast. Linking to my main laptop is easy through a USB cable which makes transferring files simple.


This is the least useful of all my devices. The Kindle app is flashy with the simulated page turning but it isn’t comfortable to hold for long periods. The fact that you have to link through itunes to move files around is a pain. It is useful reading technical books due to the screen size. The retina display that’s raved about doesn’t look any better to my eyes than any of the other devices. The email client is so-so. It still reports the number of unread messages incorrectly. The on screen keyboard isn’t very well laid out – especially the odd characters like # where you have to go to a third level. The web browser is so and unresponsive.

Apart from being another screen when researching through technical books its not used that much. Definitely the one I could live without.

The best e-reader of all for long distance flights/trains is still my simple Kindle device!

I still have a netbook that runs Windows 8. It’s used when I need a full Windows 8 device that’s got a small footprint.

August 30, 2013  11:09 AM

Filtering AD searches

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Interesting question came up regarding how you define a Filter when you are searching for particular users. With the Microsoft cmdlets you can define a filter or an ldapfilter.

In these examples we’re looking for users that don’t have email addresses. First lets look at a filter

PS> Get-ADUser -Filter {mail -notlike “*”} | select Name, objectclass | group objectclass -NoElement

Count Name
—– —-
776 user

The filter is looking for any user accounts that have a mail attribute that isn’t like any characters – in otherwords empty. The advantage of using the –Filter parameter is that the syntax is easy and is what you’re used to in other PowerShell cmdlets such as Where-Object.

The LDAP filters get a bit more complicated

PS> Get-ADUser -LDAPFilter “(&(objectCategory=user)(!mail=*))” | select Name, objectclass | group objectclass -NoElement

Count Name
—– —-
776 user

Same results but the filter is much more difficult to understand


& means AND

! means NOT

so this reads as

objectcategory=user AND NOT(mail = anything)

The advantage to using an LDAP filter is that you can re-use it on the GUI tools or directorysearcher

You need to be careful if you use Get-ADObject instead of Get-ADUser. Using the same LDAPFilter as above is fine

PS> Get-ADObject -LDAPFilter “(&(objectCategory=user)(!mail=*))” | select Name, objectclass | group objectclass -NoElement

Count Name
—– —-
776 user

but if you change objectcategory to objectclass which seems reasonable you get very different results:

PS> Get-ADObject -LDAPFilter “(&(objectClass=user)(!mail=*))” | select Name, objectclass | group objectclass -NoElement

Count Name
—– —-
30 computer
776 user
2 msDS-ManagedServiceAcc…
1 msDS-GroupManagedServi…

Huh! – Computers?

This because computers, users and managed service accounts all derive from the same AD schema class – users BUT they have different objectcategories to separate them.

There’ll be a lot more on searching AD and LDAP filters in AD management in a month of lunches – www.manning.com/siddaway3

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: