PowerShell Cheat Sheet

How to find the command you are interested in

Get-Command | Where-Object {$_.CommandType -eq 'cmdlet'}

Get-Command | Where-Object {$_.Name -like '*clear*'}

Get-WindowsFeature *dns*

Get-Help *-DNS*

Some useful commands for managing AD objects.

get-aduser -filter * -properties lastlogondate | ft name, lastlogondate

get-aduser -filter * -properties lastlogondate,passwordlastset | ft name, lastlogondate,passwordlastset

get-aduser -filter { enabled -ne $true }

Search-ADAccount -AccountDisabled (run help Search-ADAccount for more syntax)

Search-ADAccount -AccountDisabled -usersonly | fl name

Search-ADAccount -Lockedout

get-ADOrganizationalUnit -filter * | fl Name

New-ADOrganizationalUnit "Test OU"
New-ADGroup -Name "IT Department" -GroupScope Global -Path "ou=Test OU,dc=econe,dc=pri"

Add-ADGroupMember "IT Department" helpdesk

Get-ADGroupMember "Domain Admins" | ft name

Get-ADPrincipalGroupMembership helpdesk | ft name

Get-ADGroup "IT Department"


Bulk activities

csvde -f output1.csv -d "cn=users,dc=econe,dc=pri" -r "objectclass=user"

A similar command is ldifde (the output will be in ldf format).

Import-Csv newusers.csv | New-ADUser (this provides a way to create users in bulk; the newusers.csv file needs to be constructed properly)





Commonly used VMware Memory Performance Metrics on vSphere Client

The vSphere Client exposes several memory performance statistics for users to identify VM memory usage.

Some of the important memory performance metrics follow. Each metric name appears under the Measurement column of the Performance Chart Legend, as shown in the following screenshot:


  • Active: The amount of guest physical memory that is being used by the VM. Active memory may be different from what is seen inside the guest operating system. This is because the guest operating system generally has a more precise view about what memory is “active” than the hypervisor because it knows when applications allocate or deallocate memory. In addition, the sampling technique used by ESX often takes time to converge, so the memory usage measured in the guest operating system may be more accurate when the workload memory usage is fluctuating.
  • Shared: The amount of guest physical memory shared through transparent page sharing. This includes the memory shared with other VMs and the memory shared within the VM.
  • Consumed: The amount of host physical memory allocated to the VM, accounting for saving from memory sharing with other VMs. When multiple VMs share a host memory region, each VM is accounted to consume the shared memory proportionally based on the total references to that host memory. For example, if a VM has 100MB host memory equally shared with the other three VMs, the Consumed memory only accounts for 25MB. If the 100MB memory is only shared within the VM, the Consumed memory accounts for 100MB.

    Note that for a host that is not memory overcommitted, the Consumed memory represents a “high water mark” of the memory usage by the VM. It is possible that in the past, the VM was actively using a large amount of host physical memory but currently it is not. Because host memory is not overcommitted, the Consumed memory will not be shrunk through ballooning or swapping. Hence, the Consumed memory could be much higher than the Active memory when host memory is not overcommitted.

  • Granted: The amount of guest physical memory currently backed by the host physical memory. Due to memory sharing, the Granted memory is greater than or equal to the Consumed memory. For instance, assume a guest allocates 100MB of memory and all of it is zeroes: once all the zeroed pages are shared, the VM’s Granted memory is 100MB but the VM’s Consumed memory is only 4k.
  • Overhead: The extra host physical memory used by ESX to run a VM. The Overhead memory has two components: 1) System-wide overhead from VMkernel; 2) Additional overhead for each VM, including the space reserved for the VM frame buffer and various virtualization data structures. Since the Overhead memory always resides in host memory, ESX must reserve memory for it. Thus a VM’s memory reservation has two individual components: user-specified memory reservation and overhead memory reservation. For example, if the user specifies a 1GB reservation and the Overhead memory for the VM is 100MB, the VM’s memory reservation when powered on would be 1.1GB.
  • Balloon: The amount of guest physical memory that is currently reclaimed through the balloon driver.
  • Swapped: The amount of guest physical memory swapped out to the VM’s swap device by ESX.
  • Swapped in rate: The rate at which the host physical memory is being swapped in from the host swap device.
  • Swapped out rate: The rate at which the host physical memory is being swapped out to the host swap device.

For more details, please check the VMware Community.

Clean up docker containers and images

For some reason, docker is not that friendly to disk space, and different applications may have different issues when it comes to cleaning up old, stale docker containers and images. When the docker directory fills up, your application will die, so keeping an eye on the disk utilisation of the docker partition is critical. Monitor it with either a script or a third-party monitoring tool.

Try the commands below; they were tested on CentOS 7 with docker 1.5.0, build a8a31ef.

1. docker images | grep "<none>"

Find the image ID, then run docker rmi $imageID

2. docker rm `docker ps -a | grep Exited | awk '{print $1}'`

3. If your application is running, it is safe to use the following as well, because docker rmi refuses to remove an image that a container is still using. Do not run this when your application service is not running. A good practice is to take a snapshot if you are uncertain about the results.

docker rmi `docker images -aq`
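
The post recommends watching the docker partition with a script. The following is an added example, not from the original post: it reads the usage from df and lists, without deleting anything, what steps 1 and 2 would remove. The /var/lib/docker path, the 80% threshold, the function names and the sample outputs are assumptions.

```shell
#!/bin/sh
DOCKER_DIR=${DOCKER_DIR:-/var/lib/docker}   # assumption: default docker data dir
THRESHOLD=${THRESHOLD:-80}                  # assumption: alert at 80% used

# usage_pct: read `df -P` output on stdin, print the Use% figure without "%".
usage_pct() { awk 'NR == 2 { sub(/%/, "", $5); print $5 }'; }

# dangling_ids: read `docker images` output, print IDs of <none> images (step 1).
dangling_ids() { awk 'NR > 1 && $1 == "<none>" { print $3 }'; }

# exited_ids: read `docker ps -a` output, print IDs whose STATUS is
# "Exited (code) ..." (step 2). Matching the full status text skips a running
# container that only has the word "Exited" in its name or command.
exited_ids() { awk 'NR > 1 && /Exited \(-?[0-9]+\) / { print $1 }'; }

# check: dry run. Prints what would be removed; returns 1 when over threshold
# so cron or a monitoring agent can alert on the exit status.
check() {
    pct=$(df -P "$DOCKER_DIR" | usage_pct)
    [ "$pct" -lt "$THRESHOLD" ] && return 0
    echo "ALERT: $DOCKER_DIR is ${pct}% full (threshold ${THRESHOLD}%)"
    echo "dangling images:   $(docker images | dangling_ids | tr '\n' ' ')"
    echo "exited containers: $(docker ps -a | exited_ids | tr '\n' ' ')"
    return 1
}

# Constructed sample outputs (not from the original post) for trying the parsers.
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/sdb1 52403200 47162880 5240320 91% /var/lib/docker'
SAMPLE_IMAGES='REPOSITORY TAG IMAGE ID CREATED VIRTUAL SIZE
example/app 1.0 a1b2c3d4e5f6 3 weeks ago 1.9 GB
<none> <none> 0f1e2d3c4b5a 5 weeks ago 1.8 GB'
SAMPLE_PS='CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1111aaaa2222 centos:7 "/bin/bash" 2 days ago Exited (0) 2 days ago tmp1
3333bbbb4444 centos:7 "echo Exited" 3 hours ago Up 3 hours Exited-demo'

# Run the real check only when asked: ./docker-disk-check.sh --check
if [ "${1:-}" = "--check" ]; then check; fi
```

In the sample, the second container is running but would still be caught by a plain grep for Exited; the status match leaves it alone.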

Change the default docker0 interface address

I was deploying Zenoss Core 5. As you may know, Zenoss Core 5 is packed into a docker container, so the deployment is to get docker installed, then install the Zenoss Control Center, then download the proper docker image. To me, while it simplifies the deployment of Zenoss Core 5 itself and eases backup/restore, it actually introduces some overhead in managing the system.

One of the issues I met was with the default docker0 interface. By default, the interface has an IP address:, but I have a few subnets which are in the 172.17 range, so I had some trouble reaching those devices because of default routing. So I had to change the default address.

Steps to change the docker0 interface address:

I run Zenoss on CentOS 7, so the steps here only cover CentOS.

1. Stop Serviced ( control center process )

systemctl stop serviced

2. Stop docker

systemctl stop docker

3. Change the file /etc/sysconfig/docker

default: DOCKER_OPTS="-s btrfs --dns="

change to: DOCKER_OPTS="-s btrfs --bip=" is an example here, you need to pick the range that suits your environment.

4. Run the commands below:

ip link set dev docker0 down

brctl delbr docker0

iptables -t nat -F POSTROUTING (flushing the nat table is very important; you may still have old entries that were using the default 172.17 range, which will cause network issues)

5. Bring up the docker service and the new address should be assigned to docker0

systemctl start docker

6. You might want to add another rule to iptables to allow docker0 and the other virtual interfaces to communicate with the external world.

iptables -A INPUT -d 192.168.10.0/24 -j ACCEPT

If you still have trouble, you need to carefully check your iptables rules, local policy routing, etc.
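
Since the problem above was the docker0 range colliding with existing 172.17 subnets, a candidate --bip value can be checked against the host routing table before editing /etc/sysconfig/docker. This is an added example, not part of the original post; the function names and the sample route table are constructed, and 192.168.10.1/24 is an assumed candidate value.

```shell
#!/bin/sh
# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidrs_overlap ADDR/LEN ADDR/LEN: exit 0 when the two ranges share addresses.
# Two CIDR blocks overlap exactly when they match under the shorter prefix.
cidrs_overlap() {
    a_ip=$(ip_to_int "${1%/*}"); a_len=${1#*/}
    b_ip=$(ip_to_int "${2%/*}"); b_len=${2#*/}
    len=$a_len
    [ "$b_len" -lt "$len" ] && len=$b_len
    if [ "$len" -eq 0 ]; then mask=0
    else mask=$(( (4294967295 << (32 - len)) & 4294967295 )); fi
    [ $(( a_ip & mask )) -eq $(( b_ip & mask )) ]
}

# conflicting_routes CANDIDATE: read `ip -4 route` output on stdin and print
# each destination that overlaps CANDIDATE (the value planned for --bip).
# The docker0 route is skipped because that bridge is being re-addressed.
conflicting_routes() {
    while read -r dest rest; do
        case "$dest" in ""|default|*[!0-9./]*) continue ;; esac
        case " $rest " in *" dev docker0 "*) continue ;; esac
        case "$dest" in */*) ;; *) dest="$dest/32" ;; esac   # host route
        if cidrs_overlap "$1" "$dest"; then echo "$dest"; fi
    done
}

# Constructed sample of `ip -4 route` output (not from the original post).
SAMPLE_ROUTES='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.15
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
172.17.20.0/24 via 10.0.0.254 dev eth0
172.17.35.7 via 10.0.0.254 dev eth0'

# Real use: ip -4 route | conflicting_routes 192.168.10.1/24
```

An empty result means no existing route overlaps the candidate range; any line printed is a subnet that would become unreachable the same way the 172.17 devices did.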

You can also check the docker advanced network here:



It is time to start blogging

Someone might question why I am only starting to blog now. Yes, I know, it is a bit late. But late is better than never, right?

I have lots of notes, tips and tricks about the stuff I am doing, and they are all in different places on my laptop and in my brain. It is time to put them together, to make my life easier, and it could also help someone else on the internet.

I am not a native English speaker/writer, so laughing is accepted; however, please also feel free to point out if I write something that doesn’t look right. Thanks!