When diagnosing issues, it's good to be as quick and efficient as possible. The faster you can diagnose an issue, the faster you can resolve it and restore regular operations. This is a place where PowerShell shines. If you have the right command, it can be much quicker to run it than to click through the GUI to collect data. Here, we'll look at some short PowerShell snippets to use while troubleshooting issues. All of these are easy commands that you can begin using yourself!
Get Recently Modified GPOs
"Did a recent GPO change cause this problem?" is a common thought while looking at issues that pop up unexpectedly. The following command, run on a DC, will list the 10 most recently changed group policies in the domain, including their modified date. After running this, you can determine if you need to check any of the GPOs for settings that might be causing the issue you're looking at.
Get-GPO -all | sort ModificationTime -Descending | select -First 10 | ft DisplayName, ModificationTime
Get Installed Windows Updates
Another very common troubleshooting step is reviewing the update status of a server. For example, you might need to check if a certain hotfix is installed or when the last batch of updates was run. Get-HotFix is the perfect command for this job. This snippet will list all of the installed Windows updates, sorted by their KB number:
Get-HotFix | sort HotFixId | ft HotFixID, InstalledOn, Description
Find Text in Text Files
Sometimes you want to find out whether a text file in a certain directory tree contains a certain string. You can use the Windows Explorer search function to do this, or you can do it with PowerShell. The Select-String command will search the contents of the files you pass in. This example will search recursively in the "C:\Windows\Logs" directory for all *.log files that contain the text "warning":
Get-ChildItem -Recurse -Path "C:\Windows\Logs\" -Filter "*.log" | Select-String "warning"
The output of the Select-String command shows the path to the file found, the line number in the file where a match was found, and the actual text of the matching line. In the first result above, C:\Windows\Logs\CBS\CBS.log contains "warning" on line 58, and the full text of the line is shown (starting with "2018-03-16").
Netstat, with PowerShell
Windows Server 2012 and later include the Get-NetTCPConnection command, which can be used instead of the old netstat cmd command. By using the newer PowerShell command, we can do some handy filtering right in the PowerShell line:
#List only listening ports
Get-NetTCPConnection -State Listen
#List all connections to or from 126.96.36.199
Get-NetTCPConnection -RemoteAddress 126.96.36.199
#List all connections to remote port 389
Get-NetTCPConnection -RemotePort 389
#Get all entries and show them in a PowerShell Grid View (equivalent to netstat -nab)
Get-NetTCPConnection | Out-GridView
Here's the final example run on a test server. By ending the command with "| Out-GridView", our results are sent to a grid view window, where we can easily see, sort, and do additional filtering on them. You can use the grid view with just about any other PowerShell command, too!
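Get-NetTCPConnection returns the owning process ID in its OwningProcess property, but not the program name that netstat -b prints. The following added example (not part of the original article; the function name Get-TcpConnectionOwner is made up here) joins the connection list to Win32_Process to show the name and path of the process behind each socket:

```powershell
# Added example: resolve the owning process for each TCP socket.
# Get-TcpConnectionOwner is a hypothetical helper name, not a built-in cmdlet.
function Get-TcpConnectionOwner {
    [CmdletBinding()]
    param(
        # Same values Get-NetTCPConnection -State accepts, e.g. Listen, Established
        [string[]]$State = @('Listen', 'Established')
    )

    # Query all processes once and index them by PID,
    # instead of doing one process lookup per socket.
    $procById = @{}
    Get-CimInstance -ClassName Win32_Process | ForEach-Object {
        $procById[[int]$_.ProcessId] = $_
    }

    # Get-NetTCPConnection raises an error when no socket is in the requested
    # state, so suppress that case and simply return nothing for it.
    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $procById[[int]$_.OwningProcess]
        [pscustomobject]@{
            State         = $_.State
            LocalAddress  = $_.LocalAddress
            LocalPort     = $_.LocalPort
            RemoteAddress = $_.RemoteAddress
            RemotePort    = $_.RemotePort
            ProcessId     = $_.OwningProcess
            # The process may have exited between the two queries
            ProcessName   = if ($proc) { $proc.Name } else { '<exited>' }
            # Empty for protected processes when not running elevated
            Path          = if ($proc) { $proc.ExecutablePath } else { $null }
        }
    }
}

# Listening sockets only, sorted by port
Get-TcpConnectionOwner -State Listen |
    Sort-Object LocalPort |
    Format-Table LocalAddress, LocalPort, ProcessId, ProcessName, Path -AutoSize

# Listening and established sockets in a sortable, filterable grid
Get-TcpConnectionOwner | Out-GridView
```

Run it from an elevated session so that the Path column is populated for services and other system processes.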
While most of these tips focus on collecting specific data, hopefully you find them useful in day-to-day operations and support. The Out-GridView command is a particularly helpful tool to help review information quickly and can be used with practically any PowerShell command. Try it out today!
If you come across a situation where you think a script could save you time or help you out, feel free to contact Concurrency Premier+ Support. In addition to helping resolve issues, our support engineers are available to provide general technical help, including with scripts.