PowerShell has a powerful set of commands and is used by system admins, service desk staff, help desk staff and software developers to automate tasks and configuration management using commands, scripts and functions.
In this article, I will explain useful PowerShell scripts for help desk staff, covering the commands they need on a day-to-day basis to automate tasks or configuration.
As system admins or help desk staff, on a daily basis we have to check whether a user account is enabled or disabled, add a user to Active Directory, assign folder permissions to a user, and so on.
I have tried to collect useful PowerShell scripts for help desk or system admin staff, to save the time otherwise spent looking for the right command or working through the GUI.
Often, help desk staff spend their time going through GUI (graphical user interface) applications to solve problems that can easily be solved using commands.
Let’s start with commonly useful scripts for help desk staff or system admins using PowerShell.
Active Directory Commands
In an organization, Active Directory helps you organize users, computers, groups, domains and more.
System admins and help desk staff use Active Directory on a daily basis to organize users, computers and user access permissions, manage remote computers, add or delete users, and more.
Below are commonly useful PowerShell Active Directory scripts for help desk staff or system admins.
Add user to Active Directory
Let's add the user Ian Richards to the SALES group in Active Directory using the Add-ADGroupMember cmdlet. The group name is specified by the Identity parameter and the user name by the Members parameter.
Add-ADGroupMember -Identity SALES -Members Ian.Richards
Set Ad User Properties
If you want to set Active Directory user properties, use the Set-ADUser cmdlet.
As an example, to set a user's manager, run the command below. Get-ADUser gets the user and Set-ADUser sets the Manager property for that user.
Get-ADUser -Identity "toms" | Set-ADUser -Manager "JohnKelly"
Find Users or Computer which are expired
Use the Search-ADAccount cmdlet to find user, computer or service accounts by their status, such as accounts that have expired
Search-ADAccount -AccountExpired
Check If Users password expired
Search-ADAccount -PasswordExpired
Check if Users account disabled
Search-ADAccount -AccountDisabled
Find all locked out account in active directory
Search-ADAccount -LockedOut | FT Name,ObjectClass -A
Find account inactive for last 90 days
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A
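The 90-day inactivity query above, turned into a read-only review list (an added example, not part of the original article). The function name, the 14-day grace margin and the output file name are assumptions made for illustration; the margin allows for the replication lag of the last-logon timestamp that Search-ADAccount relies on.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-StaleUserReport {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [int]$Days = 90,        # inactivity window used in the article
        [int]$GraceDays = 14    # assumed margin for last-logon replication lag
    )

    $createdBefore = (Get-Date).AddDays(-$Days)

    Search-ADAccount -AccountInactive -TimeSpan (New-TimeSpan -Days ($Days + $GraceDays)) -UsersOnly |
        Where-Object { $_.Enabled } |   # only accounts that can still be used to sign in
        ForEach-Object {
            # Search-ADAccount returns a limited property set; fetch whenCreated per user
            $u = Get-ADUser -Identity $_.DistinguishedName -Properties whenCreated
            # Skip accounts created inside the window: new users who have not signed in yet
            if ($u.whenCreated -lt $createdBefore) {
                [pscustomobject]@{
                    SamAccountName       = $_.SamAccountName
                    LastLogonDate        = $_.LastLogonDate   # empty if the account never signed in
                    NeverLoggedOn        = ($null -eq $_.LastLogonDate)
                    WhenCreated          = $u.whenCreated
                    PasswordNeverExpires = $_.PasswordNeverExpires
                    DistinguishedName    = $_.DistinguishedName
                }
            }
        }
}

# Read-only: writes a list for review and changes nothing in the directory.
Get-StaleUserReport -Days 90 |
    Sort-Object LastLogonDate |
    Export-Csv -Path .\stale-users.csv -NoTypeInformation
```

Enabled accounts that have not been used for months are worth reviewing with the account owner or manager before anything is disabled or deleted.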
Unlock User account
Unlock-ADaccount -identity "Garyw"
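Before unlocking, it helps to confirm that the account is only locked out and not disabled or expired, which the status checks above report separately. The following is an added example, not part of the original article; both function names are hypothetical, and 'Garyw' is the sample account used above.

```powershell
# Added example, not from the original article. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-AccountTriage {   # hypothetical helper name
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$Identity)

    # Request only the properties the decision needs instead of -Properties *
    $props = 'LockedOut', 'PasswordExpired', 'AccountExpirationDate', 'LastLogonDate', 'PasswordLastSet'
    $u = Get-ADUser -Identity $Identity -Properties $props

    [pscustomobject]@{
        SamAccountName  = $u.SamAccountName
        Enabled         = $u.Enabled
        LockedOut       = $u.LockedOut
        PasswordExpired = $u.PasswordExpired
        AccountExpired  = ($null -ne $u.AccountExpirationDate -and $u.AccountExpirationDate -lt (Get-Date))
        LastLogonDate   = $u.LastLogonDate
        PasswordLastSet = $u.PasswordLastSet
    }
}

function Unlock-IfOnlyLocked {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]
    param([Parameter(Mandatory)][string]$Identity)

    $t = Get-AccountTriage -Identity $Identity
    # A disabled or expired account may be in that state on purpose; unlocking is not the fix.
    if (-not $t.Enabled -or $t.AccountExpired) {
        Write-Warning "$Identity is disabled or expired; unlock skipped."
        return $t
    }
    if ($t.LockedOut -and $PSCmdlet.ShouldProcess($Identity, 'Unlock-ADAccount')) {
        Unlock-ADAccount -Identity $Identity
    }
    # Return the state after the attempt so it can be pasted into the ticket
    Get-AccountTriage -Identity $Identity
}

# Dry run first: -WhatIf reports the unlock without performing it.
Unlock-IfOnlyLocked -Identity 'Garyw' -WhatIf
```

Repeated lockouts on the same account are worth escalating rather than clearing each time, since they can indicate password guessing or a stale saved credential.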
Get Ad User Distinguished Name
Get-AdUser -Identity "toms" | Select DistinguishedName
Get Ad User using userprincipalname
Use the Get-ADUser cmdlet in Active Directory to get a user's UserPrincipalName. The command below lists the Name and UserPrincipalName of each member of the salesleader group.
Get-ADGroupmember -identity salesleader | % { get-aduser $_.samaccountname} | Select Name,UserPrincipalName
Get Ad User SID in active directory
Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName
Modify property of Group in active directory
Let's consider an example that modifies the description property of a group. Run the command below
Set-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" -Description "Access Group" -Passthru
The above PowerShell script uses Set-ADGroup to set the description property using the Description parameter.
List all active directory groups
The PowerShell Get-ADGroup cmdlet gets a list of all Active Directory groups. Run the command below
Get-ADGroup -Filter * -Properties * | Select SAMAccountName, Description
List of all users in AD group
The PowerShell Get-ADGroupMember cmdlet gets the members of an Active Directory group. Run the command below
Get-ADGroupMember -Identity "Shell_Sales" | Select-Object Name
Get all computers in Active Directory
The PowerShell Get-ADComputer cmdlet gets a list of Active Directory computers.
Get-ADComputer -Filter *
Local Computer Commands
Given below are local computer commands
How many users are connected to server locally / remotely
To check locally how many users are connected to the server, run the command below in Command Prompt
NET SESSION | FIND /C "\\"
To check remotely, run below command
PSEXEC \\servername NET SESSION | FIND /C "\\"
Find last change password of user
Use the Net User command-line tool to get when a user's password was last set
NET USER username /DOMAIN | FIND /I "Password last set"
Empty Recycle bin for D drive
Use the Clear-RecycleBin cmdlet to delete the Recycle Bin contents
Clear-RecycleBin -force -driveletter D
Restart Print Spooler Service
Use the Restart-Service cmdlet to restart the Print Spooler service, specified by service name
Restart-Service -Name Spooler
Conclusion
I hope the above article about helpful PowerShell scripts for help desk staff or system admins is useful to you in solving your day-to-day tasks.
Important Note: The above PowerShell scripts are for reference purposes and should be run cautiously; make sure you understand and accept the risk when using get, modification or delete related commands.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.