Skip to content
BLOG

Top 15 PowerShell cmdlets every sysadmin should know

Brock
Brock Bingham|Updated May 7, 2026
Illustration of Power(turtle)Shell
Illustration of Power(turtle)Shell
Sections

TL;DR: PowerShell cmdlets are the core building blocks of automation for sysadmins. This guide covers the 15 essential PowerShell cmdlets you should know, including Get-Help, Get-Command, Get-Member, Export-Csv, and Foreach, with clear examples to help you script, automate, and troubleshoot more efficiently.

The most important PowerShell cmdlets for sysadmins include Get-Help, Get-Command, Get-Member, Get-Process, Get-Service, Where-Object, and Select-Object. These cmdlets help IT admins find commands, inspect objects, manage services, filter output, export data, and build repeatable PowerShell scripts.

PowerShell commands are often cmdlets, which are lightweight commands built on .NET classes that return objects instead of plain text. This article uses “commands” and “cmdlets” interchangeably where it helps readability, but the examples focus on PowerShell cmdlets and scripting basics.

ConnectIcon CTA

Run PowerShell scripts on remote devices

Execute PowerShell scripts on managed devices from anywhere with PDQ Connect.

Start a free trial

1. Get-Help

Get-Help displays detailed documentation for any PowerShell cmdlet, including syntax, parameters, and examples. It also provides helpful examples to get you started. Get-Help serves as the primary built-in help system for PowerShell.

The Get-Help PowerShell command is used to interact with PowerShell’s integrated help system. It’s basically the self-help guide to PowerShell and the very first cmdlet you should familiarize yourself with. In fact, chapter 3 of Learn PowerShell in a Month of Lunches is dedicated to the Get-Help cmdlet and covers it in detail across 17 pages!

Here’s the syntax to use Get-Help:

Get-Help <cmdlet_name>

PowerShell console showing Get-Help Get-Process output with syntax and description for listing running processes.

By default, Get-Help limits the information returned by the command. Add the -Full parameter to view the entire help documentation about a given cmdlet, including descriptions, examples, and additional notes.

If you’re new to PowerShell, you may need to update your local help files using the Update-Help cmdlet. This ensures you have the latest help documentation available. It’s a good idea to update your PowerShell help files every couple of months.

Get-Help <cmdlet_name> -Full

2. Get-Command

The Get-Command cmdlet lists all available cmdlets, functions, and aliases on the computer.

Get-Command

PowerShell Get-Command output listing available cmdlets with command type, version, and source.

Get-Command is a great way to see what commands you can run. However, by default, this command returns over a thousand results, which can be overwhelming. Thankfully, you can narrow down the results with filters. For example, if I wanted to see which commands deal with certificates, I could filter for that specifically.

Get-Command -Name *certificate*
PowerShell Get-Command filtered by name certificate showing certificate-related cmdlets and functions.

Most cmdlets use common sense names, so filtering is an intuitive way to track down the cmdlet you’re looking for.

3. Get-Member

The Get-Member cmdlet in PowerShell lists the properties and methods of an object. It’s used to inspect what actions and data are available for a given command’s output. One quality that makes PowerShell so versatile is that almost everything in PowerShell is an object consisting of a name, methods, and properties.

<cmdlet_name> | Get-Member

PowerShell output showing Get-Date piped to Get-Member to inspect System.DateTime object methods and properties.

In this example, I’ve piped the Get-Date cmdlet to the Get-Member cmdlet, which returns the object’s attributes. I’ve also added the -Name *da* filter to narrow down the results, but you can ignore that for now. Let’s break down what’s happening in this example.

First, notice the usage of the pipeline operator.

PowerShell command Get-Date | Get-Member -Name da* highlighted to demonstrate filtering object members by name.

The pipeline operator sends the results of the preceding command to the following command. In this example, the results from the Get-Date cmdlet are passed to the Get-Member cmdlet.

Next, pay attention to the TypeName.

PowerShell Get-Member output highlighting the TypeName System.DateTime for the Get-Date object.

The TypeName is the type of object that the command returns. In this case, the object type is System.DateTime.

Lastly, notice the MemberTypes returned for the object.

PowerShell Get-Member output with MemberType column highlighted to show methods, properties, and script properties.

MemberTypes is where you’ll identify the methods and properties of an object. Methods are actions you can perform against the object, and properties are the object’s attributes.

Get-Member is an excellent cmdlet, especially for PowerShell beginners, to quickly identify the methods and properties of an object.

Throughout this article, I’m using PowerShell version 7.x. However, all the commands should function the same whether you’re using Windows PowerShell or PowerShell 7.x.

4. Out-File

Out-File is a PowerShell cmdlet used to write command output to a plain text file, commonly for logging or auditing. This feature is great, especially for tasks that require any kind of logging or auditing.

To use the Out-File cmdlet, you can either use the piping operator to pass output to it or the -InputObject parameter to specify the objects to be written to the file.

Get-Process | Out-File C:\Temp\processes.txt

Or:

$proc = Get-Process Out-File C:\Temp\processes.txt -InputObject $proc

These commands provide the same results, creating a text file containing the output of the Get-Process cmdlet. It’s important to note that the information in the text file will be formatted as if sent to the terminal window.

Notepad displaying processes.txt with formatted process list including memory, CPU usage, and process name.

5. Export-Csv

Managing large datasets is both common and easy with PowerShell. Whether you’re working with Active Directory objects, computer processes, or event logs, exporting large amounts of data with the Export-Csv is trivial.

Export-Csv does what its name implies and exports output to a CSV file. However, it’s important to point out that Export-Csv exports all object property values by default, so you’ll want to filter the properties using the Select-Object cmdlet.

Get-Process | Select-Object -Property ID, ProcessName | Export-Csv C:\CSV\processes.csv

Here is the resulting CSV file:

Notepad showing processes.csv with process ID and process name exported from PowerShell.

6. Get-ChildItem

In PowerShell, you'll often need to work with items in containers, such as files, certificates, or registries. Get-ChildItem returns files, folders, or other items from a specified container such as a directory, registry, or certificate store. If you only want to return specific items, you can use filtering to narrow down the results. You can also return items in subdirectories by using the -Recurse parameter. To limit the depth of the subdirectory search, use the -Depth parameter.

Get-ChildItem <folder_name>

This example returns all items located in the specified directory.

PowerShell Get-ChildItem output listing CSV files in C:\CSV with file names, sizes, and modified dates.

This example is a bit more complex and returns all TXT files containing the word “taco” in the specified directory and subdirectories.

Get-ChildItem C:\Temp\* -Recurse -Include *taco*.txt

PowerShell Get-ChildItem command using -Recurse and -Include to find text files matching a wildcard pattern.

This command returned two results, one located in the C:\Temp\Extra subdirectory and one in the C:\Temp directory.

7. Get-Process

The Get-Process cmdlet displays the processes running on a local or remote computer. This is one of those bread-and-butter PowerShell cmdlets that sysadmins use constantly for troubleshooting performance issues, identifying resource-heavy apps, and gathering process information.

Here’s the basic syntax:

Get-Process

This command returns a list of running processes, including process names, IDs, CPU usage, and memory usage.

You can also search for a specific process by name. For example, this command returns any running Notepad processes:

Get-Process -Name notepad

Need to find the processes using the most CPU? Sort the results by CPU usage and return the top 10.

Get-Process | Sort-Object CPU -Descending | Select-Object -First 10 Name, Id, CPU

This is a great example of the PowerShell pipeline doing what it does best: Taking output from one command, passing it to another command, then shaping the final result into something actually useful.

You can also export process information to a CSV file for reporting or troubleshooting documentation.

Get-Process | Select-Object Name, Id, CPU, WorkingSet | Export-Csv C:\CSV\process-report.csv -NoTypeInformation

This command gets running processes, selects a few useful properties, and exports the results to a CSV file.

8. Get-Service

The Get-Service cmdlet returns services installed on a computer, including each service’s status, name, and display name. Sysadmins commonly use it to check whether a service is running, stopped, or available for troubleshooting.

Here’s the basic syntax:

Get-Service

This command returns all services on the local computer, including their status, name, and display name.

To find a specific service, use the -Name parameter.

Get-Service -Name Spooler

You can also use wildcards to search for services when you don’t know the exact service name.

Get-Service -Name *update*

This command returns services with “update” in the service name.

If you only want to see stopped services, pipe the output to Where-Object.

Get-Service | Where-Object Status -eq "Stopped"

Or, if you want to export stopped services to a CSV file, you can use this:

Get-Service | Where-Object Status -eq "Stopped" | Select-Object Name, DisplayName, Status | Export-Csv C:\CSV\stopped-services.csv -NoTypeInformation

That’s a handy one-liner for audits, troubleshooting, or those “Can you send me a list?” requests that somehow always arrive 10 minutes before lunch.

9. Restart-Service

The Restart-Service cmdlet stops and then starts one or more services. It’s especially useful when troubleshooting services that are misbehaving, stuck, or just need a quick nudge.

Here’s the basic syntax:

Restart-Service -Name <service_name>

For example, this command restarts the Print Spooler service:

Restart-Service -Name Spooler

You can confirm the service status after restarting it by running:

Get-Service -Name Spooler

You can also restart a service and immediately check its status with one copy-paste-friendly block:

Restart-Service -Name Spooler Get-Service -Name Spooler

If you want PowerShell to ask for confirmation before restarting the service, add the -Confirm parameter.

Restart-Service -Name Spooler -Confirm

Be careful with this one. Restarting the wrong service can interrupt users, applications, or critical system functions. You may need to run PowerShell as administrator, and some services may have dependencies that are affected by a restart.

PowerShell is powerful, which is a polite way of saying it can absolutely help you ruin your own afternoon.

10. Where-Object

The Where-Object cmdlet filters objects based on conditions you specify. It’s one of the most useful PowerShell cmdlets because it helps you narrow down noisy command output and find exactly what you’re looking for.

Here’s the basic syntax:

<command> | Where-Object <property> <operator> <value>

For example, this command returns only running services:

Get-Service | Where-Object Status -eq "Running"

This command returns only stopped services:

Get-Service | Where-Object Status -eq "Stopped"

You can also use Where-Object to find large files. This example searches C:\Temp and returns files larger than 100 MB.

Get-ChildItem C:\Temp -Recurse -File | Where-Object Length -gt 100MB

Or you can find files modified in the last seven days:

Get-ChildItem C:\Temp -Recurse -File | Where-Object LastWriteTime -gt (Get-Date).AddDays(-7)

Where-Object is especially useful because it works with object properties, not just plain text. That means you can filter by properties like Status, Length, LastWriteTime, Name, ProcessName, and more.

Once you get comfortable with Where-Object, PowerShell starts feeling a lot less like a command line and a lot more like a sysadmin superpower.

11. Select-Object

The Select-Object cmdlet selects specific properties from an object. In human terms, it lets you clean up PowerShell output so you only see the information you actually care about.

Here’s the basic syntax:

<command> | Select-Object <property1>, <property2>

For example, this command returns only the name, ID, and CPU usage of running processes:

Get-Process | Select-Object Name, Id, CPU

You can also use Select-Object to return only a certain number of results. This command returns the first five processes from Get-Process.

Get-Process | Select-Object -First 5

This command returns the top 10 processes by CPU usage:

Get-Process | Sort-Object CPU -Descending | Select-Object -First 10 Name, Id, CPU

Select-Object is also incredibly useful when exporting data. Without it, Export-Csv may include way more properties than you need, turning your nice little report into a spreadsheet goblin.

Here’s a cleaner way to export process information:

Get-Process | Select-Object Name, Id, CPU, WorkingSet | Export-Csv C:\CSV\processes.csv -NoTypeInformation

By choosing specific properties before exporting, you get a cleaner, more readable CSV file — and fewer columns with names that look like they were generated during a keyboard emergency.

12. Out-GridView

Most of the time, PowerShell output returns to the console window. However, if you need to interact with the output, you can use the Out-GridView cmdlet. Out-GridView sends output to a grid view GUI window.

Here’s the syntax to use Out-GridView:

<command> | Out-GridView

PowerShell command Get-Service piped to Out-GridView to display services in an interactive window.
Out-GridView window showing Windows services with status, service name, and display name columns.

In this example, I’ve piped the Get-Service cmdlet to the Out-GridView cmdlet. The Out-GridView window automatically opened, containing the Get-Service command output, allowing me to interact with it.

If we want to take this example even further, we can use the -PassThru parameter to send multiple items down the pipeline, essentially letting you pick what output you want to pass on. Let’s update this example with the -PassThru parameter, and we’ll send our selected output to a TXT file.

Get-Service | Out-GridView -PassThru | Out-File C:\Files\services.txt

When we run this command, the Out-GridView window opens as usual. However, because we used the -PassThru parameter, we can select the output we want to pipe to the next command.

Tip: Hold the Shift key to highlight multiple items, and hold the Ctrl key to select individual items. Click OK when you’ve finished selecting items.

Out-GridView selection passed through the pipeline and exported to a text file using Out-File.

Once we’ve made our selection and clicked OK, the output is sent to a text file. We can open the text file to ensure it contains the items we selected.

Text file showing selected Windows services exported from PowerShell with status, name, and display name.

13. Invoke-Item

The Invoke-Item cmdlet opens files or launches items using their default application or file association. It can also launch more than one item at a time. Invoke-Item uses the default file association to determine the application to launch with the corresponding file type.

Here is the basic structure of an Invoke-Item command:

Invoke-Item <item_path>
PowerShell Invoke-Item command opening a text file from the filesystem.

This example launches the indicated TXT file in Notepad.exe because of the default application assignment on my computer.

Text file opened in Notepad showing contents loaded using PowerShell Invoke-Item.

As mentioned above, Invoke-Item can also be used to open several files at once. This command opens all TXT files in the C:\Temp folder at once.

Invoke-Item “C:\Temp\*.txt”

14. Foreach

Foreach loops iterate through a collection of items, performing actions against them. Foreach loops are a little more complex than the other commands we’ve covered so far. However, foreach loops become increasingly crucial as you dive into more advanced PowerShell tasks.

Here is the basic format of a foreach command in PowerShell:

foreach ($<item> in $<collection>){<statement list>}

Here’s a simple example of a foreach command that identifies files in a specified folder that are 0 KB in size.

$files = Get-ChildItem -Path C:\Files\ foreach ($file in $files){ if ($file.Length -eq 0kb){ Write-Host $file } }

PowerShell script in Visual Studio Code that loops through files and outputs files with zero length.

In this example, we assign the items located at C:\Files\ to the $files variable. Then, we use the foreach command to loop through each item in the variable. Next, we’re using an if statement to determine if the file is equal to 0 KB. If the file is equal to 0 KB, the file is output to the console. The loop repeats until it has processed each item in the collection assigned to the variable $files.

We can check the folder for ourselves to ensure the data returned was accurate.

Windows File Explorer highlighting zero-byte files identified by a PowerShell script.

Oh, and if you’re wondering what code editor I’m using in this example and how I got it to look so rad, I’ve covered how to customize VS Code with PowerShell.

15. If statements

Capping off our list is another slightly more advanced PowerShell command. Don’t worry. You were already exposed to it in the previous example and probably didn’t even realize it.

If statements execute PowerShell code only when a specified condition is true, allowing scripts to make decisions based on logic. For example, if I won the lottery, I would enjoy an early retirement. If not, then I would continue to upload amazing content to the internet. PowerShell can use the same kind of logic.

Here’s what the structure of an if statement looks like in PowerShell.

if ($<condition>){ <function to perform if the condition is true> }

When a condition is true, the function executes. If the condition returns false, it bypasses the function and proceeds to process the remainder of the script. For example:

$var = 42 If ($var -eq 42){ Write-Host “Congratulations. 42 is the meaning of life, the universe, and everything.” }

In this example, since the variable $var equals 42 and the condition is met, the Write-Host command executes and the message displays. If the variable equaled something different, like 24, the condition would return false, and the Write-Host command would not execute.

Here’s one more example of an if statement in use. This time, we’ll use the Get-Date cmdlet and format it to return the month and day. If the date is equal to 12/25, a message displays saying, “Merry Christmas, ya filthy animal.”

$date = Get-Date -Format “MM/dd” if ($date -eq "12/25"){ Write-Host “Merry Christmas, ya filthy animal.” }

If statements are really handy to utilize in your PowerShell scripts. If you’d like to know more, we have an entire article dedicated to if statements.

On the path to PowerShell stardom

PowerShell scripting gets easier once you understand core cmdlets like Get-Help, Get-Command, Get-Member, Get-Process, Get-Service, Where-Object, and Select-Object. These commands give sysadmins a practical foundation for automation, troubleshooting, reporting, and everyday Windows administration.

Starting with these essential PowerShell commands will help you quickly progress into using more advanced commands. Then one day, you’ll become a PowerShell ace and may even be invited as a guest onto the The PowerShell Podcast, the most prestigious of all PowerShell podcasts.

Brock
Brock Bingham

Brock Bingham is a systems administrator with 15 years of experience managing endpoints and servers, with a strong focus on automation, patching, security, and maintaining stable environments at scale. After years of hands-on IT work, he now creates content and teaches, helping other admins learn through practical, real-world guidance.

Related articles

Powershell1 2026

PowerShell automation for sysadmins: How to work smarter without breaking things

POWERSHELL

Patch Tuesday

Patch Tuesday May 2026

SECURITY

News2 2026

PDQ appoints Emily Glass & Shaun Clowes to board of directors to support growth

NEWS