PowerShell is one of those tools that IT professionals either use heavily or avoid almost entirely. The ones who use it heavily are faster, more consistent, and less likely to make errors on repetitive tasks. The ones who avoid it are clicking through the same GUI screens every day for tasks that could run in three seconds from a terminal.

This post is for the second group and for the first group who want to sharpen their command repertoire.

The 20% of PowerShell That Covers 80% of IT Tasks

PowerShell has thousands of cmdlets across dozens of modules. You do not need most of them. The commands IT professionals use most frequently cluster around a predictable set of tasks: creating and managing user accounts, bulk operations in Microsoft 365, network diagnosis, and pulling system information without clicking through multiple GUI screens.

Before running any of the commands below, confirm your execution policy allows scripts:

Get-ExecutionPolicy

If it returns Restricted, set it for the current session:

powershellSet-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser

User and Account Management Commands
These commands cover Active Directory user management, which represents a significant portion of daily IT work in most enterprise environments.

Check if a user account exists and get its status:

powershellGet-ADUser -Identity "jsmith" -Properties LockedOut, PasswordExpired, PasswordLastSet, LastLogonDate | Select-Object Name, LockedOut, PasswordExpired, PasswordLastSet, LastLogonDate

This single command tells you whether an account is locked, whether the password has expired, when it was last set, and when the user last logged in. Run this before touching anything else on an account ticket.

Unlock a locked account:

powershellUnlock-ADAccount -Identity "jsmith"

Reset a password and force change at next logon:

powershellSet-ADAccountPassword -Identity "jsmith" -Reset -NewPassword (ConvertTo-SecureString "TempPassword123!" -AsPlainText -Force)
Set-ADUser -Identity "jsmith" -ChangePasswordAtLogon $true

Find all locked accounts in the domain:

powershellSearch-ADAccount -LockedOut | Select-Object Name, SamAccountName, LastLogonDate

This is significantly faster than checking individual accounts or using the GUI to search. Run this when multiple users report lockouts simultaneously to assess scope.

Get all members of a security group:

powershellGet-ADGroupMember -Identity "GroupName" -Recursive | Select-Object Name, SamAccountName

Add a user to a group:

powershellAdd-ADGroupMember -Identity "GroupName" -Members "jsmith"

Find accounts that have not logged in for 90 days:

powershell$cutoff = (Get-Date).AddDays(-90)
Get-ADUser -Filter {LastLogonDate -lt $cutoff -and Enabled -eq $true} -Properties LastLogonDate | Select-Object Name, SamAccountName, LastLogonDate | Sort-Object LastLogonDate

This is useful for access reviews and identifying stale accounts before they become a security risk.

Microsoft 365 Administration via PowerShell

The Microsoft Graph PowerShell SDK is the current standard for M365 administration. Install it once and use it for everything.

Install and connect:

powershellInstall-Module Microsoft.Graph -Scope CurrentUser -Force
Connect-MgGraph -Scopes "User.Read.All", "Group.Read.All", "Directory.Read.All"

Get a user's license status:

powershellGet-MgUserLicenseDetail -UserId "jsmith@company.com" | Select-Object SkuPartNumber

Find all unlicensed users:

powershellGet-MgUser -All -Property DisplayName, UserPrincipalName, AssignedLicenses | Where-Object { $_.AssignedLicenses.Count -eq 0 } | Select-Object DisplayName, UserPrincipalName

Get all members of a Microsoft 365 group:

powershell$group = Get-MgGroup -Filter "displayName eq 'GroupName'"
Get-MgGroupMember -GroupId $group.Id | ForEach-Object { Get-MgUser -UserId $_.Id | Select-Object DisplayName, UserPrincipalName }

Check a user's mailbox size (requires Exchange Online module):

powershellInstall-Module ExchangeOnlineManagement -Scope CurrentUser
Connect-ExchangeOnline -UserPrincipalName admin@company.com
Get-MailboxStatistics -Identity "jsmith@company.com" | Select-Object DisplayName, TotalItemSize, ItemCount

Get all shared mailboxes:

powershellGet-Mailbox -RecipientTypeDetails SharedMailbox | Select-Object DisplayName, PrimarySmtpAddress

Disable a user account and revoke active sessions (offboarding):

powershell# Disable the account
Update-MgUser -UserId "jsmith@company.com" -AccountEnabled $false

Revoke all active sessions

Revoke-MgUserSignInSession -UserId "jsmith@company.com"

These two commands together should be the first steps in any offboarding runbook. Running them via PowerShell is faster and less error-prone than navigating the Admin Center GUI, particularly when offboarding multiple users simultaneously.

Network Diagnosis Commands

PowerShell has significantly expanded its network diagnostic capability in recent versions. These commands complement the traditional tools covered in the network diagnosis post.

Test connectivity to a specific host and port:

powershellTest-NetConnection -ComputerName "server.company.com" -Port 443

This is more useful than ping for application connectivity issues because it tests the specific port rather than just ICMP reachability.

Get the routing table:

powershellGet-NetRoute | Where-Object { $_.DestinationPrefix -ne "ff00::/8" } | Select-Object DestinationPrefix, NextHop, InterfaceAlias | Sort-Object DestinationPrefix

Useful for diagnosing VPN routing issues where specific subnets are not routing correctly.

Check DNS resolution:

powershell
Resolve-DnsName "internal.resource.company.com"
Resolve-DnsName "internal.resource.company.com" -Server "8.8.8.8"

Running the second command against an external DNS server lets you compare internal and external resolution, useful for diagnosing split-DNS issues.

Get all network adapters and their status:

powershellGet-NetAdapter | Select-Object Name, Status, LinkSpeed, MacAddress

Flush the DNS cache:

powershell
Clear-DnsClientCache

Check open TCP connections:

powershell
Get-NetTCPConnection -State Established | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort | Sort-Object RemoteAddress

Useful for identifying unexpected outbound connections from a machine showing anomalous behavior.

System Information and Health Checks

These commands pull system information faster than navigating through System Properties, Device Manager, or Event Viewer.

Get basic system information:

powershell
Get-ComputerInfo | Select-Object CsName, WindowsProductName, WindowsVersion, OsArchitecture, CsProcessors, CsTotalPhysicalMemory

Check disk space on all drives:

powershell
Get-PSDrive -PSProvider FileSystem | Select-Object Name, @{N='Used(GB)';E={[math]::Round($.Used/1GB,2)}}, @{N='Free(GB)';E={[math]::Round($.Free/1GB,2)}}

Get the last 50 System event log errors:

powershellGet-EventLog -LogName System -EntryType Error -Newest 50 | Select-Object TimeGenerated, Source, Message | Format-Table -AutoSize

Check running services and their status:

powershell
Get-Service | Where-Object { $.StartType -eq "Automatic" -and $.Status -ne "Running" } | Select-Object Name, DisplayName, Status

This returns all services set to start automatically that are not currently running, which is a quick health check for any machine reporting application issues.

Get installed software:

powershellGet-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall* | Select-Object DisplayName, DisplayVersion, Publisher, InstallDate | Sort-Object DisplayName

Check Windows Update history:

powershell
Get-HotFix | Sort-Object InstalledOn -Descending | Select-Object -First 20 HotFixID, Description, InstalledOn

Useful for correlating issues with recent updates. If a user reports a problem that started "after an update," this shows you exactly what was installed and when.

Using AI to Generate and Verify PowerShell Commands

PowerShell syntax is precise and errors are unforgiving, particularly when running commands against production systems. AI tools have become genuinely useful for generating PowerShell one-liners for tasks outside your usual repertoire.

The workflow that works: describe what you want to accomplish in plain English, have the AI generate the command, then verify it against the official Microsoft documentation before running it in production. Never run AI-generated PowerShell against production systems without understanding what each parameter does.

AI Tech Pal's June agent can generate and explain PowerShell commands in the context of an IT ticket. If a ticket comes in requiring a bulk operation you have not done before, June will produce the command, explain each parameter, and flag any risks specific to your described environment.

The important caveat: AI-generated commands should be tested in a non-production environment first whenever possible. Bulk operations against Active Directory or Microsoft 365 in particular carry risk if run with incorrect parameters.

Frequently Asked Questions

What PowerShell commands do IT professionals use most?
Get-ADUser for account information, Unlock-ADAccount for lockouts, Test-NetConnection for connectivity testing, Get-EventLog for log review, and Get-Service for service status. These five commands appear in the workflow of most IT professionals who use PowerShell regularly. The Microsoft Graph cmdlets for M365 administration are increasingly common as organizations move to cloud identity.

How do you use PowerShell for Microsoft 365 administration?
Install the Microsoft Graph PowerShell SDK and the Exchange Online Management module. Connect using Connect-MgGraph for identity and directory tasks and Connect-ExchangeOnline for mailbox administration. The legacy AzureAD and MSOnline modules have been deprecated by Microsoft and should not be used for new scripts.

What PowerShell commands help with network diagnosis?
Test-NetConnection for port-specific connectivity testing, Resolve-DnsName for DNS diagnosis, Get-NetRoute for routing table review, and Get-NetTCPConnection for active connection analysis. These four commands cover the most common network diagnostic scenarios at the helpdesk level.

How do you get started with PowerShell if you've avoided it?
Start with read-only commands: Get-ADUser, Get-Service, Get-EventLog. These commands cannot make changes and are safe to run in any environment. Once you are comfortable reading output and understanding the structure of PowerShell commands, move to commands that make changes. Always test in a lab environment before production.

Can AI help write PowerShell commands for IT tasks?
Yes, with an important caveat. AI tools including ChatGPT, Claude, and AI Tech Pal can generate accurate PowerShell commands for most common IT tasks. Always verify AI-generated commands against Microsoft's official documentation and test in a non-production environment before running against production systems. Bulk operations against Active Directory or Microsoft 365 in particular require careful review before execution.

Conclusion
PowerShell is not optional for IT professionals who want to work at scale. The commands above cover the tasks that consume the most time when done through a GUI and that benefit most from automation and consistency. Start with the ones relevant to your most common ticket types and build from there. The investment in learning the syntax pays back within the first week of regular use.

Hit the Subscribe button below to get more articles like this delivered straight to your inbox.

Ready to pair PowerShell with AI-powered ticket resolution? Start your free 15-day trial at aitechpal.com/register. No credit card required.
Which PowerShell command has saved you the most time? Share it in the comments.