Common Windows Server administrative tasks

Raise Forest Functional Level

domain.msc > Active Directory Domains and Trust > Raise Forest Functional Level


Fine-grained password policies

Administrative Center: dsac.exe > Tree View > System > Password Settings Container > New > Password Settings


Password Expiration Notification

Group Policy Management: gpmc.msc > Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon: Prompt user to change password before expiration > 14 days



Server Manager:



Windows Firewall

Windows Firewall with Advanced Security: wf



Active Directory Domains and Trusts:




Active Directory Sites and Services:




Certificate Authority:




DNS Management:




DHCP Management:




Windows Server Backup:



PowerShell Control output

Get-Process | Format-Table
Get-Process | Format-Table *
Get-Process | Format-Table Name, Id, Responding

Get-Process | Format-List
Get-Process | Format-List *
Get-Process | Format-List Name, Id, Responding

Get-Process | Format-wide Name -col 5


Get-Process | sort | Format-Table Name, Id, Responding
Get-Process | sort | Format-List Name, Id, Responding

Get-Service | sort Status | Format-Table -GroupBy Status
Get-Service | sort Status | Format-List -GroupBy Status

Select-object *

Get-Service | Select-Object *

Get-Service VSS
Get-Service VSS | Select-Object *

Like, eq,

Get-Service | ?{$_.Status -like 'Running'}
Get-Service | ?{$_.Name -like 'V*'}

Sort and Group by

 Get-Service | sort Status | ?{$_.Name -like 'V*'} | ft -GroupBy Status

Output to text

Get-Service | ft Name, ServiceName, Status | Out-File test.txt

Get-Service | select * | Export-Csv test.csv

Get-Service | Export-Clixml test.xml

Get-Service | ConvertTo-Html | Out-File test.html

Administration with PowerShell

Get Password policy

Get-ADUser -Identity kim -properties PasswordLastSet, PasswordExpired, PasswordNeverExpires, EmailAddress, GivenName

Get Password expiry date (from all users)

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}

Get Password expiry date

Get-ADUser kim -properties "msDS-UserPasswordExpiryTimeComputed" | Select @{Name = "Password expires in" ; e={[datetime]::FromFileTime($_.“msDS-UserPasswordExpiryTimeComputed”)}}

Password Countdown

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} –Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | sort msDS-UserPasswordExpiryTimeComputed | Select-Object -Property "Displayname", @{Name="ExpiryDate"; Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}}, @{Name="Countdown"; e={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")-(Get-Date)}}

Password expiring users

Get-ADUser -filter {Enabled -eq $True -and PasswordNeverExpires -eq $False} -Properties "DisplayName", "msDS-UserPasswordExpiryTimeComputed" | Select-Object -Property "Displayname",@{Name="ExpiryDate";Expression={[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed")}} | Where-Object {$_.ExpiryDate -lt (get-date).AddDays(14)} | Sort-Object ExpiryDate

Force restart server using cmd

shutdown /r /f /t 0 /m \\ServerName

Leave a Comment

Your email address will not be published. Required fields are marked *