⚠️

重要前提

安装AI Skills的关键前提是：必须科学上网，且开启TUN模式，这一点至关重要，直接决定安装能否顺利完成，在此郑重提醒三遍：科学上网，科学上网，科学上网。查看完整安装教程 →

PowerShell 2025 重大变更与迁移指南：版本移除、模块停用、WMIC替代方案

powershell-2025-changes by josiahsiegel/claude-plugin-marketplace

62 周安装量

21 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/josiahsiegel/claude-plugin-marketplace --skill powershell-2025-changes

自动化系统管理命令行工具

🇨🇳中文介绍

PowerShell 2025 重大变更与迁移指南

2025 年 PowerShell 的关键变更、弃用项及迁移路径。

PowerShell 2.0 移除 (2025年8月-9月)

移除内容

PowerShell 2.0 已从以下系统中完全移除：

Windows 11 版本 24H2 (2025年8月)
Windows Server 2025 (2025年9月)

原因： 安全性改进，减少攻击面，清理遗留代码

迁移路径

# 检查是否安装了 PowerShell 2.0
Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root

# 如果仍需要 PowerShell 2.0 (不推荐)
# - 使用旧版 Windows 系统
# - 使用包含旧版基础镜像的 Windows 容器
# - 将脚本升级到 PowerShell 5.1 或 7+

# 推荐：迁移到 PowerShell 7.5+
winget install Microsoft.PowerShell

必需操作： 审核所有脚本，并从任何 PowerShell 调用中移除 -Version 2.0 参数。

MSOnline 和 AzureAD 模块停用

停用时间线

模块	停止工作

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

MSOnline/AzureAD	Microsoft.Graph	备注
`Get-MsolUser` / `Get-AzureADUser`	`Get-MgUser`	需要 User.Read.All 权限范围
`Get-MsolGroup` / `Get-AzureADGroup`	`Get-MgGroup`	需要 Group.Read.All 权限范围
`Get-MsolDevice` / `Get-AzureADDevice`	`Get-MgDevice`	需要 Device.Read.All 权限范围
`Connect-MsolService` / `Connect-AzureAD`	`Connect-MgGraph`	基于权限范围的授权

WMIC 移除 (Windows 11 25H2)

升级到 Windows 11 25H2+ 后，Windows 管理规范命令行 (WMIC) 工具将被移除。

从 WMIC 迁移到 PowerShell WMI/CIM：

# 旧版 (WMIC) - 已移除
wmic process list brief
wmic os get caption

# 新版 (PowerShell CIM)
Get-CimInstance -ClassName Win32_Process | Select-Object Name, ProcessId, CommandLine
Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object Caption, Version

# 获取详细的进程信息
Get-Process | Format-Table Name, Id, CPU, WorkingSet -AutoSize

# 获取系统信息
Get-ComputerInfo | Select-Object WindowsProductName, WindowsVersion

PowerShellGet → PSResourceGet 迁移

现代包管理 (2025)

PSResourceGet 是 PowerShellGet 的官方继任者 (速度快2倍，积极开发中)。

# 安装 PSResourceGet (随 PowerShell 7.4+ 提供)
Install-Module -Name Microsoft.PowerShell.PSResourceGet -Force

# 新命令 (PSResourceGet)
Install-PSResource -Name Az -Scope CurrentUser  # 替代 Install-Module
Find-PSResource -Name "*Azure*"                 # 替代 Find-Module
Update-PSResource -Name Az                      # 替代 Update-Module
Get-InstalledPSResource                         # 替代 Get-InstalledModule

# 为遗留脚本提供兼容层
# 旧的 Install-Module 命令仍可工作，但内部会调用 PSResourceGet

PowerShellGet : 安装模块需要 10-15 秒
PSResourceGet : 安装模块需要 5-7 秒 (速度快2倍)

Test-Json 架构变更

重大变更 (PowerShell 7.4+)

Test-Json 现在使用 JsonSchema.NET 替代 Newtonsoft.Json.Schema。

影响： 不再支持 Draft 4 JSON 架构。

# 旧版 (Draft 4 架构) - 不再支持
$schema = @"
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object"
}
"@

Test-Json -Json $json -Schema $schema  # 在 PowerShell 7.4+ 中失败

# 新版 (Draft 6+ 架构) - 支持
$schema = @"
{
  "$schema": "http://json-schema.org/draft-06/schema#",
  "type": "object"
}
"@

Test-Json -Json $json -Schema $schema  # 正常工作

#Requires -PSSnapin 移除

重大变更 (PowerShell 7.4+)

所有与 #Requires -PSSnapin 相关的代码已被移除。

# 旧版 (PowerShell 5.1 及更早版本)
#Requires -PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

# 新版 (改用模块)
#Requires -Modules ExchangeOnlineManagement

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

安全强化 (2025 标准)

最低权限管理 (JEA)

JEA 现已成为生产环境的安全要求：

# 创建 JEA 会话配置
New-PSSessionConfigurationFile -SessionType RestrictedRemoteServer `
    -Path "C:\JEA\RestrictedAdmin.pssc" `
    -VisibleCmdlets @{
        Name = 'Restart-Service'
        Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' }
    } `
    -LanguageMode NoLanguage

# 注册 JEA 端点
Register-PSSessionConfiguration -Name RestrictedAdmin `
    -Path "C:\JEA\RestrictedAdmin.pssc" `
    -Force

# 使用受限权限连接
Enter-PSSession -ComputerName Server01 -ConfigurationName RestrictedAdmin

Windows Defender 应用程序控制 (WDAC)

WDAC 替代 AppLocker 用于 PowerShell 脚本控制：

# 为 PowerShell 脚本创建 WDAC 策略
New-CIPolicy -FilePath "C:\WDAC\PowerShellPolicy.xml" `
    -ScanPath "C:\Scripts" `
    -Level FilePublisher `
    -Fallback Hash

# 转换为二进制并部署
ConvertFrom-CIPolicy -XmlFilePath "C:\WDAC\PowerShellPolicy.xml" `
    -BinaryFilePath "C:\Windows\System32\CodeIntegrity\SIPolicy.p7b"

受限语言模式 现推荐用于所有非管理员用户：

# 检查当前语言模式
$ExecutionContext.SessionState.LanguageMode
# 输出: FullLanguage (管理员) 或 ConstrainedLanguage (标准用户)

# 通过组策略或环境变量设置系统级受限语言模式
# 设置 HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\__PSLockdownPolicy = 4

PowerShell 7.6 预览功能

当前状态 (2025年10月)

PowerShell 7.6.0 预览版 5 已可用 (基于 .NET 9.0.101 构建)

PSRedirectToVariable : 允许重定向到变量
模块重命名 : ThreadJob → Microsoft.PowerShell.ThreadJob
PSResourceGet 1.1.0 : 改进的性能和 Azure Artifacts 支持

检查 PowerShell 版本

$PSVersionTable.PSVersion

7.5.4 (稳定版) 或 7.6.0-preview.5

.NET 版本

.NET 9.0.101

立即需要执行的操作 (2025)

审核 MSOnline/AzureAD 使用情况 - 在 2025年5月前迁移到 Microsoft.Graph 2.32.0
移除 PowerShell 2.0 引用 - 升级到 PowerShell 7.5+
替换 WMIC 命令 - 使用 Get-CimInstance/Get-Process
更新 JSON 架构 - 将 Draft 4 迁移到 Draft 6+
移除 PSSnapin 要求 - 转换为模块
采用 PSResourceGet - 更快、更现代的包管理
实施 JEA - 生产环境的基于角色的访问控制
启用 WDAC - PowerShell 脚本的应用程序控制
测试受限语言模式 - 用于非管理员用户

升级到 PowerShell 7.5.4 - 最新的稳定版，基于 .NET 9
采用 Az 14.5.0 - 最新的 Azure 模块，支持区域冗余
使用 Microsoft.Graph 2.32.0 - 积极维护的 Graph SDK
启用脚本块日志记录 - 安全审计
实施代码签名 - 用于生产脚本
使用 Azure Key Vault - 用于凭据管理

# 测试已弃用模块的使用情况
Get-Module MSOnline, AzureAD -ListAvailable
# 如果找到，立即规划迁移

# 测试 PowerShell 2.0 依赖项
Get-Content "script.ps1" | Select-String -Pattern "powershell.exe -Version 2"
# 如果找到，移除版本参数

# 测试 WMIC 使用情况
Get-ChildItem -Path "C:\Scripts" -Recurse -Filter "*.ps1" |
    Select-String -Pattern "wmic" |
    Select-Object Path, Line

# 验证 PowerShell 版本兼容性
#Requires -Version 7.0
Test-Path $PSCommandPath  # 确保脚本在 PowerShell 7+ 中运行

最后更新： 2025年10月

🇺🇸English

PowerShell 2025 Breaking Changes & Migrations

Critical changes, deprecations, and migration paths for PowerShell in 2025.

PowerShell 2.0 Removal (August-September 2025)

What's Removed

PowerShell 2.0 has been completely removed from:

Windows 11 version 24H2 (August 2025)
Windows Server 2025 (September 2025)

Why: Security improvements, reduced attack surface, legacy code cleanup

Migration Path

# Check if PowerShell 2.0 is installed
Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root

# If you still need PowerShell 2.0 (NOT RECOMMENDED)
# - Use older Windows versions
# - Use Windows containers with older base images
# - Upgrade scripts to PowerShell 5.1 or 7+

# Recommended: Migrate to PowerShell 7.5+
winget install Microsoft.PowerShell

Action Required: Audit all scripts and remove -Version 2.0 parameters from any PowerShell invocations.

MSOnline & AzureAD Module Retirement

Retirement Timeline

Module	Stop Working	Retirement Complete
MSOnline	Late May 2025	May 31, 2025
AzureAD	March 30, 2025	After July 1, 2025

Critical: These modules will stop functioning - not just deprecated, but completely non-functional.

Migration Path

From MSOnline/AzureAD to Microsoft.Graph:

# OLD (MSOnline) - STOPS WORKING MAY 2025
Connect-MsolService
Get-MsolUser
Set-MsolUser -UserPrincipalName "user@domain.com" -UsageLocation "US"

# NEW (Microsoft.Graph 2.32.0)
Connect-MgGraph -Scopes "User.ReadWrite.All"
Get-MgUser
Update-MgUser -UserId "user@domain.com" -UsageLocation "US"

# OLD (AzureAD) - STOPS WORKING MARCH 2025
Connect-AzureAD
Get-AzureADUser
New-AzureADUser -DisplayName "John Doe" -UserPrincipalName "john@domain.com"

# NEW (Microsoft.Graph 2.32.0)
Connect-MgGraph -Scopes "User.ReadWrite.All"
Get-MgUser
New-MgUser -DisplayName "John Doe" -UserPrincipalName "john@domain.com"

Alternative: Use Microsoft Entra PowerShell module (successor to AzureAD)

Install-Module -Name Microsoft.Graph.Entra -Scope CurrentUser
Connect-Entra
Get-EntraUser

Common Command Mappings

MSOnline/AzureAD	Microsoft.Graph	Notes
`Get-MsolUser` / `Get-AzureADUser`	`Get-MgUser`	Requires User.Read.All scope
`Get-MsolGroup` / `Get-AzureADGroup`	`Get-MgGroup`	Requires Group.Read.All scope
`Get-MsolDevice` / `Get-AzureADDevice`

WMIC Removal (Windows 11 25H2)

What's Removed

Windows Management Instrumentation Command-line (WMIC) tool removed after upgrading to Windows 11 25H2+.

Migration Path

From WMIC to PowerShell WMI/CIM:

# OLD (WMIC) - REMOVED
wmic process list brief
wmic os get caption

# NEW (PowerShell CIM)
Get-CimInstance -ClassName Win32_Process | Select-Object Name, ProcessId, CommandLine
Get-CimInstance -ClassName Win32_OperatingSystem | Select-Object Caption, Version

# For detailed process info
Get-Process | Format-Table Name, Id, CPU, WorkingSet -AutoSize

# For system info
Get-ComputerInfo | Select-Object WindowsProductName, WindowsVersion

PowerShellGet → PSResourceGet Migration

Modern Package Management (2025)

PSResourceGet is the official successor to PowerShellGet (2x faster, actively developed).

# Install PSResourceGet (ships with PowerShell 7.4+)
Install-Module -Name Microsoft.PowerShell.PSResourceGet -Force

# New commands (PSResourceGet)
Install-PSResource -Name Az -Scope CurrentUser  # Replaces Install-Module
Find-PSResource -Name "*Azure*"                 # Replaces Find-Module
Update-PSResource -Name Az                      # Replaces Update-Module
Get-InstalledPSResource                         # Replaces Get-InstalledModule

# Compatibility layer available for legacy scripts
# Your old Install-Module commands still work but call PSResourceGet internally

Performance Comparison:

PowerShellGet : 10-15 seconds to install module
PSResourceGet : 5-7 seconds to install module (2x faster)

Test-Json Schema Changes

Breaking Change (PowerShell 7.4+)

Test-Json now uses JsonSchema.NET instead of Newtonsoft.Json.Schema.

Impact: No longer supports Draft 4 JSON schemas.

# OLD (Draft 4 schema) - NO LONGER SUPPORTED
$schema = @"
{
  "$schema": "http://json-schema.org/draft-04/schema#",
  "type": "object"
}
"@

Test-Json -Json $json -Schema $schema  # FAILS in PowerShell 7.4+

# NEW (Draft 6+ schema) - SUPPORTED
$schema = @"
{
  "$schema": "http://json-schema.org/draft-06/schema#",
  "type": "object"
}
"@

Test-Json -Json $json -Schema $schema  # WORKS

#Requires -PSSnapin Removed

Breaking Change (PowerShell 7.4+)

All code related to #Requires -PSSnapin has been removed.

# OLD (PowerShell 5.1 and earlier)
#Requires -PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn

# NEW (Use modules instead)
#Requires -Modules ExchangeOnlineManagement

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

Security Hardening (2025 Standards)

Just Enough Administration (JEA)

JEA is now a security requirement for production environments:

# Create JEA session configuration
New-PSSessionConfigurationFile -SessionType RestrictedRemoteServer `
    -Path "C:\JEA\RestrictedAdmin.pssc" `
    -VisibleCmdlets @{
        Name = 'Restart-Service'
        Parameters = @{ Name = 'Name'; ValidateSet = 'Spooler' }
    } `
    -LanguageMode NoLanguage

# Register JEA endpoint
Register-PSSessionConfiguration -Name RestrictedAdmin `
    -Path "C:\JEA\RestrictedAdmin.pssc" `
    -Force

# Connect with limited privileges
Enter-PSSession -ComputerName Server01 -ConfigurationName RestrictedAdmin

Windows Defender Application Control (WDAC)

WDAC replaces AppLocker for PowerShell script control:

# Create WDAC policy for PowerShell scripts
New-CIPolicy -FilePath "C:\WDAC\PowerShellPolicy.xml" `
    -ScanPath "C:\Scripts" `
    -Level FilePublisher `
    -Fallback Hash

# Convert to binary and deploy
ConvertFrom-CIPolicy -XmlFilePath "C:\WDAC\PowerShellPolicy.xml" `
    -BinaryFilePath "C:\Windows\System32\CodeIntegrity\SIPolicy.p7b"

Constrained Language Mode

Constrained Language Mode is now recommended for all users without admin privileges:

# Check current language mode
$ExecutionContext.SessionState.LanguageMode
# Output: FullLanguage (admin) or ConstrainedLanguage (standard user)

# Set system-wide constrained language mode via Group Policy or Environment Variable
# Set HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\__PSLockdownPolicy = 4

PowerShell 7.6 Preview Features

Current Status (October 2025)

PowerShell 7.6.0 Preview 5 available (built on .NET 9.0.101)

New Features:

PSRedirectToVariable : Allow redirecting to a variable
Module Rename : ThreadJob → Microsoft.PowerShell.ThreadJob
PSResourceGet 1.1.0 : Improved performance and Azure Artifacts support

Check PowerShell version

$PSVersionTable.PSVersion

7.5.4 (stable) or 7.6.0-preview.5

.NET version

.NET 9.0.101

Migration Checklist

Immediate Actions Required (2025)

Audit MSOnline/AzureAD usage - Migrate to Microsoft.Graph 2.32.0 before May 2025
Remove PowerShell 2.0 references - Upgrade to PowerShell 7.5+
Replace WMIC commands - Use Get-CimInstance/Get-Process
Update JSON schemas - Migrate Draft 4 to Draft 6+
Remove PSSnapin requirements - Convert to modules
Adopt PSResourceGet - Faster, modern package management
Implement JEA - Role-based access control for production
Enable WDAC - Application control for PowerShell scripts
Test Constrained Language Mode - For non-admin users

Recommended Actions

Upgrade to PowerShell 7.5.4 - Latest stable with .NET 9
Adopt Az 14.5.0 - Latest Azure module with zone redundancy
Use Microsoft.Graph 2.32.0 - Actively maintained Graph SDK
Enable Script Block Logging - Security auditing
Implement Code Signing - For production scripts
Use Azure Key Vault - For credential management

Testing Migration

# Test for deprecated module usage
Get-Module MSOnline, AzureAD -ListAvailable
# If found, plan migration immediately

# Test for PowerShell 2.0 dependencies
Get-Content "script.ps1" | Select-String -Pattern "powershell.exe -Version 2"
# If found, remove version parameter

# Test for WMIC usage
Get-ChildItem -Path "C:\Scripts" -Recurse -Filter "*.ps1" |
    Select-String -Pattern "wmic" |
    Select-Object Path, Line

# Verify PowerShell version compatibility
#Requires -Version 7.0
Test-Path $PSCommandPath  # Ensures script is PowerShell 7+

Resources

Last Updated: October 2025

Weekly Installs

Repository

josiahsiegel/cl…ketplace

GitHub Stars

First Seen

Jan 24, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

claude-code51

gemini-cli48

opencode48

codex43

cursor42

antigravity39

通过 LiteLLM 代理让 Claude Code 对接 GitHub Copilot 运行 | 高级变通方案指南

48,700 周安装

MSOnline	2025年5月下旬	2025年5月31日
AzureAD	2025年3月30日	2025年7月1日后

PowerShell 2025 重大变更与迁移指南：版本移除、模块停用、WMIC替代方案

🇨🇳中文介绍

PowerShell 2025 重大变更与迁移指南

PowerShell 2.0 移除 (2025年8月-9月)

移除内容

迁移路径

MSOnline 和 AzureAD 模块停用

停用时间线

相关 Skills

迁移路径

常用命令映射

WMIC 移除 (Windows 11 25H2)

移除内容

迁移路径

PowerShellGet → PSResourceGet 迁移

现代包管理 (2025)

Test-Json 架构变更

重大变更 (PowerShell 7.4+)

#Requires -PSSnapin 移除

重大变更 (PowerShell 7.4+)

安全强化 (2025 标准)

最低权限管理 (JEA)

Windows Defender 应用程序控制 (WDAC)

受限语言模式

PowerShell 7.6 预览功能

当前状态 (2025年10月)

检查 PowerShell 版本

7.5.4 (稳定版) 或 7.6.0-preview.5

.NET 版本

.NET 9.0.101

迁移清单

立即需要执行的操作 (2025)

推荐操作

测试迁移

资源

🇺🇸English

PowerShell 2025 Breaking Changes & Migrations

PowerShell 2.0 Removal (August-September 2025)

What's Removed

Migration Path

MSOnline & AzureAD Module Retirement

Retirement Timeline

Migration Path

Common Command Mappings

WMIC Removal (Windows 11 25H2)

What's Removed

Migration Path

PowerShellGet → PSResourceGet Migration

Modern Package Management (2025)

Test-Json Schema Changes

Breaking Change (PowerShell 7.4+)

#Requires -PSSnapin Removed

Breaking Change (PowerShell 7.4+)

Security Hardening (2025 Standards)

Just Enough Administration (JEA)

Windows Defender Application Control (WDAC)

Constrained Language Mode

PowerShell 7.6 Preview Features

Current Status (October 2025)

Check PowerShell version

7.5.4 (stable) or 7.6.0-preview.5

.NET version

.NET 9.0.101

Migration Checklist

Immediate Actions Required (2025)

Recommended Actions

Testing Migration

Resources

最新 Skills