To check version of currently installed module:

PS C:\>Get-Module AzureRM -list | Select-Object Name,Version,Path

To install module:

PS C:\>Install-Module AzureRM

If you need to first uninstall existing older version:

PS C:\>Uninstall-Module AzureRM

To login to Azure:

PS C:\>Login-AzureRmAccount

Once you are logged in is always a good idea to check what subscription you are defaulted to. This is important in case you have multiple subscriptions. You would not want to accidentally run certain command on a PROD subscription for example.

PS C:\>Get-AzureRmSubscription

You can switch to different subscription with:

PS C:\>Select-AzureRmSubscription -SubscriptionName 'MSDN Platforms'

For more details see this link.

PowerShell v5.0 on windows 10 adds syntax highlighting to your code.  If you update your Windows 7/8 or Server 2008 R2/2012 R2 to .Net Framework 4.5/6 and WMF to 5.0 you will NOT get syntax highlighting.  To add this feature launch PowerShell as Administrator and run the following command:

Install-Module PSReadline

Restart PowerShell and you should now see syntax highlighting.

PS Syntax Higlighting


The following are simplified notes on patching a simple Lync 2013 Enterprise estate.  For detail instructions always use:

  1. Login to first Lync server you wish to upgrade using the Lync Admin account.  This account should be local admin and also have the necessary SQL rights if you are planning on updating the Database schema.

  2. I like to verify what version my current Lync tools are.  Use the following PS Script:

    Get-WmiObject -class Win32_Product | where {$ -like "*Lync Server*"} | Sort-Object Name | Select Name, Version | FT –AutoSize

  3. Next run the following command to verify Lync is in a "ready" state for upgrade.


  4. Start upgrade on the first server in the first Upgrade Domain.  Be sure to login using the Lync Admin account.  If you plan to update the database schema once Lync Servers are all upgraded be sure the Lync Admin account has the necessary SQL rights.  Run the following command to stop all Lync services:

    Stop-CsWindowsService -Graceful

  5. Once all services are stopped you may run the Lync Server Cumulative Update Installer.  Be sure to always check for latest version as the tool does get upgraded.

  6. When updates finish reboot the server.  Login and run the command from step two above if you wish to verify versions installed.  Your output will vary from image below.

  7. Repeat steps 1 - 6 for each Lync server you have in your estate.  Work your way out from Front-End server to Edge server always waiting for a "Ready" state before continuing.  If you do not you may cause corruption.

  8. When all Lync servers have been successfully upgraded you must check to see if a database update is necessary.  Run the following command to verify.

    Test-CsDatabase -ConfiguredDatabases -SqlServerFqdn -Verbose

    If upgraded is needed run:

    Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn -Verbose

    Pay attention for success messages and run the "Test-CsDatabase" again to verify.  That's it.  You're done!

There may be times when you need to PS Remote to a server from a computer that is not in the domain.  I have a new laptop that I have decided to keep off my domain.  Here are the steps required to allow my Win8 PC to PSRemote to a 2012 R2 server.

1. On the Win8 computer run the following commands:

cd WSMan:\localhost\Client

Set-Item .\TrustedHosts -Value "*" -Force

2. On the 2012 R2 Server run the same commands:

cd WSMan:\localhost\Client

Set-Item .\TrustedHosts -Value "*" -Force

You may consider setting a value for TrustedHosts on the server.  This will provide higher level of security.  Value should be IP Address.

3. Verify WinRM service is running by running the following command from elevated PS session:

Test-WSMan -computername "targetPCname"

That should do it.  You should be able to connect from the Win8 PC by entering the following in PS session:

$creds = get-credential

Enter-PSSession -ComputerName HOU-DC01 -Credential $creds

Two things to consider.  You must use a variable for credentials.  Using the -credential parameter and passing it a value inline does not work.  Not sure if this is a bug.  Also, to use the -UseSSL parameter you must configure a port.  I have not shown you how to do that here.


We are introducing Windows Server 2012 R2 into our Production environment at work.  I decided I would use PowerShell Remoting to install the ADS services and promote the server to Domain Controller.

First step is to remote to the 2012 R2 server.  You can do this from any PC that has PowerShell installed.  I'm doing it from my Windows 7 PC.

PS C:\>Enter-PSSession -ComputerName RemoteServer -Credential yourdomain\yourusername

If all goes well your prompt should change to the following:

[RemoteServername]: PS C:\>

This means you are now connected to the remote server and any command you run will execute on the remote server.  This includes DOS commands.  Now we need to run the following command to install the ADS Role:

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

You will see the following message showing install progress:

 When complete you should get a confirmation:

Success   Restart Needed    Exit Code      Feature Result
-------      --------------            ---------          --------------
True      No                      Success        {Active Directory Domain Services, Remote ...

You can also run the following command to verify install:

[RemoteServername]: PS C:\>Get-Command -Module ADDSDeployment
CommandType     Name                                                                 ModuleName
-----------               ----                                                                     ----------
Cmdlet          Add-ADDSReadOnlyDomainControllerAccount                 ADDSDeployment
Cmdlet          Install-ADDSDomain                                                    ADDSDeployment
Cmdlet          Install-ADDSDomainController                                       ADDSDeployment
Cmdlet          Install-ADDSForest                                                     ADDSDeployment
Cmdlet          Test-ADDSDomainControllerInstallation                          ADDSDeployment
Cmdlet          Test-ADDSDomainControllerUninstallation                      ADDSDeployment
Cmdlet          Test-ADDSDomainInstallation                                      ADDSDeployment
Cmdlet          Test-ADDSForestInstallation                                       ADDSDeployment
Cmdlet          Test-ADDSReadOnlyDomainControllerAccountCreation   ADDSDeployment
Cmdlet          Uninstall-ADDSDomainController                                  ADDSDeployment

Now to join the current server to the domain as a Domain Controller use the following command:

[RemoteServername]: PS C:\> Install-ADDSDomainController -Credential (Get-Credential) -DomainName -DatabasePath D:\Windows\NTDS -LogPath D:\Windows\NTDS -SysvolPath D:\Windows\SYSVOL -SiteName NameOfSite

There are several other options that can be used but these three are important.  At first I did not pass the -Credential argument thinking it would use the credentials I used to PSRemote to the server but when I ran the Install-ADDSDomainController command I received an error "Install-ADDSDomainController : Verification of user credential permissions failed. Failed to examine the Active Directory forest. The error was: ldap_search()".  When I used the -Credential (Get-Credential) the command succeeded with no problems.  Also, If you don't use -DatabasePath the database will install to:


For a full list of options go here:

You will be prompted for the Safe Mode Administration Password.  You will then see a message stating server will be configured as a Domain Controller and restarted.  Just hit enter as the default answer is Y.

You will see the progress as it installs and you may also see some warnings about "Delegation for this DNS server cannot be created because the authoritative parent zone cannot be found..."  You may ignore this warning if you are not worried about external DNS queries.

If install is successful you will see the following:

Message                                            Context                                                                          RebootRequired                   Status
-------                                                 -------                                                                              --------------                           ------
Operation completed successfully          DCPromo.General.3                                                           False                                  Success

That is it.  You have a new DC on your domain!

To demote a Domain Controller you can use the following command:

Uninstall-ADDSDomainController -Credential (Get-Credential)