- Size of the Active Directory database
- Get-ChildItem -Path C:\Windows\NTDS
- Get-Item -Path C:\Windows\NTDS\ntds.dit
- Check disk space
- Get-Disk
- Get-Partition
- $Object01 = New-Object -TypeName psobject -Property @{
- DiskLetter = Get-CimInstance -ClassName Win32_LogicalDisk | Select-Object DeviceID
- DiskFreeSpace = (Get-CimInstance -ClassName Win32_LogicalDisk).FreeSpace | ForEach-Object {$PSItem / 1GB}
- }
- $Object02 = New-Object -TypeName psobject -Property @{
- DiskNumber = Get-PhysicalDisk | Select-Object DeviceId
- DiskStatus = Get-PhysicalDisk | Select-Object HealthStatus
- DiskMediaType = Get-PhysicalDisk | Select-Object MediaType
- TotalDiskSize = (Get-PhysicalDisk | Select-Object Size).Size | ForEach-Object { $PSItem / 1GB}
- }
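- Clean up stale Active Directory data, mainly deleted users and computers and the information left behind by uninstalled DCs; the ntdsutil command-line tool can be used for this
- Log checks
- Confirm that all event log files generated by the system are complete
- $FilePath = (Get-ChildItem -Include *.evt,*.evtx -Path C:\Windows\system32\winevt\Logs -Recurse).FullName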
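- Filter the logs with a hashtable
- $StartTime = (Get-Date).AddDays(-1) # assumed example window: the last 24 hours
- $EndTime = Get-Date
- $Filter = @{
- Path=$FilePath
- StartTime=$StartTime
- EndTime=$EndTime
- Level=1,2 # 1 = Critical, 2 = Error (Warning is level 3)
- }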
- $DateTime01 = Get-Date -Format yyyy-MM-dd
- $Logfile = "C:\$DateTime01.csv"
- Get-WinEvent -FilterHashtable $Filter | Out-File $Logfile -Encoding utf8
- Count the total number of error, warning, and critical log entries
- $CountOfErrorLog = (Get-Content $Logfile | Where-Object { $_ -match '^\d'} | Measure-Object).Count
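
The event-log check above, reworked as an added example (not code from the original page): it queries by log name instead of by file path, keeps the events as objects, and counts them per log and level rather than counting text lines that start with a digit. The function names, the 24-hour window and the sample records are assumptions made for illustration.

```powershell
# Added example, not part of the original page.
# Function names, the 24-hour window and the sample records are assumptions.

function Get-RecentProblemEvents {
    param(
        [datetime]$StartTime = (Get-Date).AddDays(-1),
        [datetime]$EndTime   = (Get-Date),
        [int[]]$Level        = @(1, 2, 3)   # 1 = Critical, 2 = Error, 3 = Warning
    )
    # Only query logs that actually hold records.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }
    foreach ($log in $logs) {
        $filter = @{
            LogName   = $log.LogName
            Level     = $Level
            StartTime = $StartTime
            EndTime   = $EndTime
        }
        # Get-WinEvent reports an error when nothing matches; treat that as zero events.
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    }
}

function Get-EventLevelSummary {
    param([Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Events)
    $levelName = @{ 1 = 'Critical'; 2 = 'Error'; 3 = 'Warning' }
    $Events | Group-Object -Property LogName, Level | ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            LogName = $first.LogName
            Level   = $levelName[[int]$first.Level]
            Count   = $_.Count
        }
    } | Sort-Object -Property LogName, Level
}

# Constructed sample records standing in for Get-WinEvent output, so the summary runs offline.
$sample = @(
    [pscustomobject]@{ LogName = 'Directory Service'; Level = 2 }
    [pscustomobject]@{ LogName = 'Directory Service'; Level = 2 }
    [pscustomobject]@{ LogName = 'Directory Service'; Level = 3 }
    [pscustomobject]@{ LogName = 'System';            Level = 1 }
)
Get-EventLevelSummary -Events $sample | Format-Table -AutoSize

# On a domain controller (elevated session), summarize real events and save them as CSV:
# Get-EventLevelSummary -Events @(Get-RecentProblemEvents) |
#     Export-Csv -Path "C:\$(Get-Date -Format yyyy-MM-dd).csv" -NoTypeInformation -Encoding UTF8
```

Because the counts come from event objects, they do not depend on the locale's date format or on how Out-File wraps table rows.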