PowerShell for Windows Admins

March 26, 2013  3:02 PM

CIM cmdlets

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The CIM cmdlets are found in the CIMcmdlets module.

Get-Command -Module CimCmdlets  produces this list of names.  I’ve added some information on the tasks they perform

Get-CimAssociatedInstance  is for working with WMI associated classes
Get-CimClass  is for discovering the properties and methods of a WMI class
Get-CimInstance    is analogous to  Get-WmiObject
Invoke-CimMethod    is analogous to Invoke-WMIMethod   
New-CimInstance  can be used for creating a new WMI instance in certain circumstances
Register-CimIndicationEvent    is analogous to Register-WMIEvent
Remove-CimInstance  is analogous to Remove-WMIObject
Set-CimInstance  is analogous to Set-WMIInstance

The CIM session cmdlets are for working with the CIm sessions which are analogous to PowerShell remoting sessions but are used by the CIM cmdlets AND the new WMI based cmdlets in Windows 8/2012 such as the networking cmdlets

March 24, 2013  6:04 AM


Richard Siddaway Richard Siddaway Profile: Richard Siddaway

An email debate yesterday regarding the use of the CIM cmdlets (new in PowerShell 3) vs the WMI cmdlets made me realise that other people are probably wondering the same thing,

The question is really part of a the semi-philosophical debate about when you should adopt new technology.

In the case of the WMI/CIM cmdlets the resolution is fairly straightforward.

If you are using PowerShell v2 you have to use the WMI cmdlets.

If you are using PowerShell v3 – even if you are accessing legacy systems I would recommend the CIM cmdlets.  There are a number of benefits to using the CIM cmdlets:

  • use of WSMAN for remote access – no more DCOM error. You can drop back to DCOM for accessing systems with WSMAN 2 installed
  • use of CIM sessions for accessing multiple machines
  • Get-CIMClass for investigating WMI classes
  • improved way of dealing with WMI associations

As far as I am aware the only thing the CIM cmdlets can’t do is access amended qualifiers such as the class description. Seeing that many classes don’t that set it’s not a major hardship.

Now that I’ve recommended you should use them I’d better show you how – that will cover a mini-series of posts over the next few days

March 21, 2013  1:51 PM

UK PowerShell group session postponement

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

I’m postponing the 26 March session on PowerShell and Hyper-V until 9 April. Invites will go out shortly

March 21, 2013  1:50 PM

PowerShell 3 SDK samples

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

A sample pack for the SDK is now available -  see http://blogs.msdn.com/b/powershell/archive/2013/03/17/windows-powershell-3-0-sample-pack.aspx

March 11, 2013  2:07 PM

Network Adapters–Disable/Enable

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Last time we saw the Get-NetAdapter cmdlet from the NetAdapter module

PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Up

If you look in the module you also find Disable-NetAdapter & Enable-NetAdapter

PS> Disable-NetAdapter -Name Wifi -Confirm:$false
PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Disabled

PS> Enable-NetAdapter -Name Wifi -Confirm:$false
PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Up

You can also enable/disable based on an Input Object, the alias (-ifalias) or the description (-InterfaceDescription)

PS> Get-NetAdapter -Name Wifi | Disable-NetAdapter -Confirm:$false
PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Disabled

PS> Get-NetAdapter -Name Wifi | Enable-NetAdapter -Confirm:$false
PS> Get-NetAdapter | ft Name, InterfaceDescription, Status -a

Name     InterfaceDescription                           Status
—-     ——————–                           ——
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Up
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter Up

What’s the alias?

PS> Get-NetAdapter | ft Name, InterfaceDescription, ifAlias, InterfaceAlias -a

Name     InterfaceDescription                           ifAlias  InterfaceAlias
—-     ——————–                           ——-  ————–
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet        Ethernet Ethernet
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter WiFi     WiFi

If you want to use these cmdlets against remote machines you can run them through a CIMsession

March 4, 2013  2:23 PM

Network adapters

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The WMI classes Win32_NetworkAdapter and Win32_NetworkAdapterConfiguration have seen a lot of use over the years. They can be a bit fiddly to use which is why the NetAdapter module in Windows 8/2012 is a so welcome.

Lets start by looking at basic information gathering

PS> Get-NetAdapter | ft -a

Name     InterfaceDescription                        ifIndex Status MacAddress        LinkSpeed
—-     ——————–                        ——- —— ———-        ———
Ethernet NVIDIA nForce 10/100/1000 Mbps Ethernet          13 Up     00-1F-16-63-F5-DF  100 Mbps
WiFi     Qualcomm Atheros AR5007 802.11b/g WiFi Adapter   12 Up     00-24-2B-2F-9C-A5   54 Mbps

We get the Name & description, status, MAC address and link speed as the default display. Contrast with Win32_NetworkAdapter for the same two interfaces

ServiceName      : athr
MACAddress       : 00:24:2B:2F:9C:A5
AdapterType      : Ethernet 802.3
DeviceID         : 10
Name             : Qualcomm Atheros AR5007 802.11b/g WiFi Adapter
NetworkAddresses :
Speed            : 54000000

ServiceName      : NVNET
MACAddress       : 00:1F:16:63:F5:DF
AdapterType      : Ethernet 802.3
DeviceID         : 11
Name             : NVIDIA nForce 10/100/1000 Mbps Ethernet
NetworkAddresses :
Speed            : 100000000

Notice the ifIndex from Get-NetAdapter & DeviceId from Win32_NetworkAdapter.  Two different numbers to identify the device.

What else can Get-NetAdapter tell us:

PS> Get-NetAdapter  -Name Ethernet | fl *

ifAlias                                          : Ethernet
InterfaceAlias                                   : Ethernet
ifIndex                                          : 13
ifDesc                                           : NVIDIA nForce 10/100/1000 Mbps Ethernet
ifName                                           : Ethernet_7
DriverVersion                                    :
LinkLayerAddress                                 : 00-1F-16-63-F5-DF
MacAddress                                       : 00-1F-16-63-F5-DF
Status                                           : Up
LinkSpeed                                        : 100 Mbps
MediaType                                        : 802.3
PhysicalMediaType                                : 802.3
AdminStatus                                      : Up
MediaConnectionState                             : Connected
DriverInformation                                : Driver Date 2010-03-04 Version NDIS 6.20
DriverFileName                                   : nvmf6232.sys
NdisVersion                                      : 6.20
ifOperStatus                                     : Up
Caption                                          :
Description                                      :
ElementName                                      :
InstanceID                                       : {188C370D-AD90-46F3-8AD2-0C10AFB6490C}
CommunicationStatus                              :
DetailedStatus                                   :
HealthState                                      :
InstallDate                                      :
Name                                             : Ethernet
OperatingStatus                                  :
OperationalStatus                                :
PrimaryStatus                                    :
StatusDescriptions                               :
AvailableRequestedStates                         :
EnabledDefault                                   : 2
EnabledState                                     : 5
OtherEnabledState                                :
RequestedState                                   : 12
TimeOfLastStateChange                            :
TransitioningToState                             : 12
AdditionalAvailability                           :
Availability                                     :
CreationClassName                                : MSFT_NetAdapter
DeviceID                                         : {188C370D-AD90-46F3-8AD2-0C10AFB6490C}
ErrorCleared                                     :
ErrorDescription                                 :
IdentifyingDescriptions                          :
LastErrorCode                                    :
MaxQuiesceTime                                   :
OtherIdentifyingInfo                             :
PowerManagementCapabilities                      :
PowerManagementSupported                         :
PowerOnHours                                     :
StatusInfo                                       :
SystemCreationClassName                          : CIM_NetworkPort
SystemName                                       : RSLAPTOP01
TotalPowerOnHours                                :
MaxSpeed                                         :
OtherPortType                                    :
PortType                                         :
RequestedSpeed                                   :
Speed                                            : 100000000
UsageRestriction                                 :
ActiveMaximumTransmissionUnit                    : 1500
AutoSense                                        :
FullDuplex                                       : True
LinkTechnology                                   :
NetworkAddresses                                 : {001F1663F5DF}
OtherLinkTechnology                              :
OtherNetworkPortType                             :
PermanentAddress                                 : 001F1663F5DF
PortNumber                                       : 0
SupportedMaximumTransmissionUnit                 :
AdminLocked                                      : False
ComponentID                                      : pci\ven_10de&dev_0760
ConnectorPresent                                 : True
DeviceName                                       : \Device\{188C370D-AD90-46F3-8AD2-0C10AFB6490C}
DeviceWakeUpEnable                               : False
DriverDate                                       : 2010-03-04
DriverDateData                                   : 129121344000000000
DriverDescription                                : NVIDIA nForce 10/100/1000 Mbps Ethernet
DriverMajorNdisVersion                           : 6
DriverMinorNdisVersion                           : 20
DriverName                                       : \SystemRoot\system32\DRIVERS\nvmf6232.sys
DriverProvider                                   : NVIDIA
DriverVersionString                              :
EndPointInterface                                : False
HardwareInterface                                : True
Hidden                                           : False
HigherLayerInterfaceIndices                      : {26}
IMFilter                                         : False
InterfaceAdminStatus                             : 1
InterfaceDescription                             : NVIDIA nForce 10/100/1000 Mbps Ethernet
InterfaceGuid                                    : {188C370D-AD90-46F3-8AD2-0C10AFB6490C}
InterfaceIndex                                   : 13
InterfaceName                                    : Ethernet_7
InterfaceOperationalStatus                       : 1
InterfaceType                                    : 6
iSCSIInterface                                   : False
LowerLayerInterfaceIndices                       :
MajorDriverVersion                               : 73
MediaConnectState                                : 1
MediaDuplexState                                 : 2
MinorDriverVersion                               : 30
MtuSize                                          : 1500
NdisMedium                                       : 0
NdisPhysicalMedium                               : 14
NetLuid                                          : 1688849977704448
NetLuidIndex                                     : 7
NotUserRemovable                                 : False
OperationalStatusDownDefaultPortNotAuthenticated : False
OperationalStatusDownInterfacePaused             : False
OperationalStatusDownLowPowerState               : False
OperationalStatusDownMediaDisconnected           : False
PnPDeviceID                                      : PCI\VEN_10DE&DEV_0760&SUBSYS_360A103C&REV_A2\3&2411E6FE&0&50
PromiscuousMode                                  : False
ReceiveLinkSpeed                                 : 100000000
State                                            : 2
TransmitLinkSpeed                                : 100000000
Virtual                                          : False
VlanID                                           :
WdmInterface                                     : False
PSComputerName                                   :
CimClass                                         : ROOT/StandardCimv2:MSFT_NetAdapter
CimInstanceProperties                            : {Caption, Description, ElementName, InstanceID…}
CimSystemProperties                              : Microsoft.Management.Infrastructure.CimSystemProperties

Notice the CimClass property ROOT/StandardCimv2:MSFT_NetAdapter   – this is one of the new WMI classes introduced in Windows 8.  Does this class have any methods?

Get-CimClass -Namespace ROOT/StandardCimv2 -ClassName MSFT_NetAdapter | select -ExpandProperty CimClassMethods


These will be investigated in other posts – maybe we get cmdlets to work with these as well

March 1, 2013  2:23 PM

Windows 8 Kindle app

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Amazon have released an update for the Windows 8 Kindle app that appears to have resolved the corrupted display issue that occurred after every few pages of reading.

I would recommend updating the app immediately. The app now seems to be usable.

February 27, 2013  2:23 PM

Book offer–AD Management in a Month of Lunches

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

AD Management in a month of lunches is today’s deal of the day from Manning – www.manning.com

The get 50% off today using code dotd0227cc. The offer is good for today only

The same code can be used for 50% off PowerShell in Practice

February 27, 2013  2:19 PM

Last nights Live Meeting

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

The sound was awful on last night’s Live Meeting so I intend to re-record it at the weekend.  I’ll post the recording and scripts once its done.

I’m also investigating an alternative delivery mechanism that will hopefully solve the sound issues.

February 27, 2013  2:15 PM

Filter or LDAP filter

Richard Siddaway Richard Siddaway Profile: Richard Siddaway

Many of the Microsoft AD cmdlets have a –Filter and an –LDAPFilter parameter.  So what’s the difference?

PS> Get-Help Get-ADUser -Parameter *Filter*

-Filter <String>
    Specifies a query string that retrieves Active Directory objects. This string uses the PowerShell Expression
    Language syntax. The PowerShell Expression Language syntax provides rich type-conversion support for value types  received by the Filter parameter. The syntax uses an in-order representation, which means that the operator is placed between the operand and the value. For more information about the Filter parameter, see  about_ActiveDirectory_Filter.

-LDAPFilter <String>
    Specifies an LDAP query string that is used to filter Active Directory objects. You can use this parameter to run  your existing LDAP queries. The Filter parameter syntax supports the same functionality as the LDAP syntax. For  more information, see the Filter parameter description and the about_ActiveDirectory_Filter.

This means you have two ways to approach a problem. Lets think about finding a single user:

Get-ADUser -LDAPFilter "(samAccountName=Richard)"

Get-ADUser -Filter {samAccountName -eq ‘Richard’}

The LDAPFilter uses LDAP query syntax – attribute and value.  Filter uses PowerShell syntax. You could think of the –Filter as a condensed version of

Get-ADUser -Filter * | where samAccountName -eq ‘Richard’

Use the –Filter parameter because its less typing and you filter early – especially important if querying across a network.

You can use multiple attributes in the filters  – & implies AND in the LDAP filter

Get-ADUser -LDAPFilter "(&(givenname=Bill)(sn=Green))"

Get-ADUser -Filter {GivenName -eq ‘Bill’ -and Surname -eq ‘Green’}

The LDAP filter HAS to use the correct attribute name but Filter uses the property name returned by Get-ADUser.

LDAP filters can get very complicated very quickly. For instance if you want to find the disabled user accounts

Get-ADUser -LDAPFilter "(&(objectclass=user)(objectcategory=user)(useraccountcontrol:1.2.840.113556.1.4.803:=2))"

Get-ADUser -Filter {Enabled -eq $false}

Alternatively,and in my opinion, its simpler to use Search-ADaccount

Search-ADAccount -AccountDisabled –UsersOnly

Which one should you use?  The one that best solves your problem. I mix & match to suit the search I’m performing

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: