How to administer clients on a domain using 5 common PowerShell cmdlets

Systems admins managing Windows clients should brush up on these PowerShell cmdlets when performing common administrative tasks on their domain-connected devices.

Seasoned admins have their Windows management tasks down pat--they probably have a variety of scripts or processes in place to handle common issues that afflict clients regularly without breaking a sweat. While many of these tried-and-true fixes work beautifully right now, Microsoft has made it clear that the future of systems management is aimed squarely at PowerShell (PS).

By aggressively integrating--and continuing to develop--support for just about all aspects of the OS and specialized applications Microsoft has written, it is the preferred tool for managing clients and servers moving forward. So much so that Microsoft purchased GitHub and made PowerShell open source, integrating the Linux Subsystem into PS (and vice-versa), allowing Windows admins to manage Linux devices and Linux admins to manage Windows clients.

SEE: Resolve IT issues quickly with these 10 PowerShell cmdlets (free PDF) (TechRepublic)

With that said, below are some common scenarios IT will encounter while managing Windows client devices and the PowerShell cmdlets that can be used to resolve the issues when they arise. The best part? These PowerShell cmdlets can be run remotely. Note: The PowerShell cmdlets may be locally inaccessible over the network; otherwise, they may be run remotely by

How to join a device to the domain

New-ADComputer -Name ComputerName -Server DC.DomainName.ext -Path "OU=Computers,DC=Domain,DC=ext" -Enabled \$True -Restart Force

How to fix a broken trust between devices and domain

Test-ComputerSecureChannel

If it comes back as True, the trust is intact; if it comes back as False, it needs to be repaired.

Test-ComputerSecureChannel -Repair -Credential

Sometimes the trust is fine, but the machine password is not and needs to be reset. The following command will accomplish that.

Reset-ComputerMachinePassword

How to check Active Directory replication status

To check the replication status for the domain, including last known synchronization:

Get-ADReplicationPartnerMetadata -Target "domain.ext" -Scope Domain

To obtain a list of replication failures for a given domain controller:

Get-ADReplicationFailure -Target DC.DomainName.ext

To obtain a list of failures for the forest:

Get-ADReplicationFailure -Target DomainName.ext -Scope Forest

How to modify network connection settings

To set the network settings, we must perform two cmdlets. The first one sets the IP-related settings on the active network card:

New-NetIPAddress -IPAddress XXX.XXX.XXX.XXX -DefaultGateway XXX.XXX.XXX.XXX -Prefixlength 24 -InterfaceIndex (Get-NetAdapter).InterfaceIndex

The second cmdlet sets the DNS Server settings on the active network card. Multiple servers may be included when separated with commas:

Set-DNSClientServerAddress -InterfaceIndex (Get-NetAdapter).InterfaceIndex -ServerAddress XXX.XXX.XXX.XXX, XXX.XXX.XXX.XXX

How to install managed Microsoft Store apps

For standalone apps:

Add-AppxProvisionedPackage -Online -FolderPath \\path\to\server\share\file.AppxBundle

For apps with dependencies (separated by comma):

Add-AppxProvisionedPackage -Online -FolderPath \\path\to\server\share\file.AppxBundle -DependencyPackagePath "\\path\to\server\share\file1.Appx", "\\path\to\server\share\file1.Appx" -SkipLicense

Also see

By Jesus Vigo

Jesus Vigo is a Network Administrator by day and owner of Mac|Jesus, LLC, specializing in Mac and Windows integration and providing solutions to small- and medium-size businesses. He brings 19 years of experience and multiple certifications from seve...