PowerShell has a powerful set of commands and is used by system admins, service desk staff, help desk staff, and software developers to automate tasks and configuration management using commands, scripts, and functions.
In this article, I will explain useful PowerShell scripts for help desk staff, covering the commands they need on a day-to-day basis to automate tasks or configuration.
As system admins or help desk staff, on a daily basis we have to check whether a user account is enabled or disabled, add a user to Active Directory, assign folder permissions to a user, and so on.
I have tried to collect useful PowerShell scripts for help desk or system admin staff in one place, to save the time otherwise spent hunting for the right command or clicking through a GUI.
Often, help desk staff spend their time going through GUI (graphical user interface) applications to solve problems that can be easily solved using commands.
Let’s start with commonly useful scripts for help desk staff or system admins using PowerShell.
Active Directory Commands
In an organization, Active Directory helps you to organize users, computers, groups, domains, and more.
System admins and help desk staff use Active Directory on a daily basis to organize users and computers, manage user permissions and remote computers, add or delete users, and more.
Below are commonly useful PowerShell Active Directory scripts for help desk staff or system admins.
Add user to Active Directory
Let’s add the user Ian Richards to the SALES group in Active Directory using the Add-ADGroupMember cmdlet. The group name is specified by the Identity parameter, and the user name is specified by the Members parameter.
Add-ADGroupMember -Identity SALES -Members Ian.Richards
Set Ad User Properties
If you want to set Active Directory user properties, use the Set-ADUser cmdlet.
For example, to set a user's manager, run the command below: Get-ADUser gets the user, and Set-ADUser sets the Manager property for that user.
Get-ADUser -Identity "toms" | Set-ADUser -Manager "JohnKelly"
Find users or computers that have expired
Use the Search-ADAccount cmdlet to find user, computer, or service accounts by status, such as expired, disabled, or locked out.
Search-ADAccount -AccountExpired
Check if the user password has expired
Search-ADAccount -PasswordExpired
Check if user accounts are disabled
Search-ADAccount -AccountDisabled
Find all locked out accounts in the active directory
Search-ADAccount -LockedOut | FT Name,ObjectClass -A
Find accounts inactive for the last 90 days
Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A
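The Search-ADAccount checks above can be combined into a single read-only report, so an account that matches several conditions (for example disabled and inactive) appears once with all of its states. This is an added example, not part of the original article; the variable names are illustrative and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example: merges the Search-ADAccount checks above into one report.
# Requires the ActiveDirectory module (RSAT); read-only, changes nothing.
Import-Module ActiveDirectory

$inactiveDays = 90   # same window as the -TimeSpan command above

# Label -> Search-ADAccount parameters, splatted in the loop below.
$checks = [ordered]@{
    AccountExpired  = @{ AccountExpired  = $true }
    PasswordExpired = @{ PasswordExpired = $true }
    AccountDisabled = @{ AccountDisabled = $true }
    LockedOut       = @{ LockedOut       = $true }
    Inactive        = @{ AccountInactive = $true; TimeSpan = (New-TimeSpan -Days $inactiveDays) }
}

# One row per (account, state); an account can match several checks.
$rows = foreach ($label in $checks.Keys) {
    $params = $checks[$label]
    Search-ADAccount @params | ForEach-Object {
        [pscustomobject]@{
            State             = $label
            DistinguishedName = $_.DistinguishedName
            Name              = $_.Name
            ObjectClass       = $_.ObjectClass
            Enabled           = $_.Enabled
            LastLogonDate     = $_.LastLogonDate
        }
    }
}

# Collapse to one row per account, listing every state it matched.
$report = $rows | Group-Object DistinguishedName | ForEach-Object {
    $first = $_.Group[0]
    [pscustomobject]@{
        Name          = $first.Name
        ObjectClass   = $first.ObjectClass
        Enabled       = $first.Enabled
        LastLogonDate = $first.LastLogonDate
        States        = ($_.Group.State | Sort-Object -Unique) -join ', '
    }
}

$report | Sort-Object Name | Format-Table -AutoSize

# Inactive but still enabled: the accounts most worth a review.
$report | Where-Object { $_.Enabled -and $_.States -match 'Inactive' } |
    Format-Table Name, ObjectClass, LastLogonDate -AutoSize
```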
Unlock User account
Unlock-ADaccount -identity "Garyw"
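Before unlocking, it helps to see when the account locked and how many bad password attempts were recorded, since repeated lockouts can point to password guessing rather than a forgotten password. The following is an added example, not from the original article; Unlock-AccountWithReview is a hypothetical helper name, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example: show lockout details, then unlock only after confirmation.
# Unlock-AccountWithReview is a hypothetical helper name, not a built-in cmdlet.
Import-Module ActiveDirectory

function Unlock-AccountWithReview {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [string]$Identity
    )

    # Extended properties are not returned unless requested.
    $user = Get-ADUser -Identity $Identity -Properties LockedOut,
        AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt, PasswordLastSet

    # BadLogonCount and LastBadPasswordAttempt are tracked per domain controller,
    # so this is the view from the DC that answered the query.
    $details = [pscustomobject]@{
        SamAccountName         = $user.SamAccountName
        Enabled                = $user.Enabled
        LockedOut              = $user.LockedOut
        AccountLockoutTime     = $user.AccountLockoutTime
        BadLogonCount          = $user.BadLogonCount
        LastBadPasswordAttempt = $user.LastBadPasswordAttempt
        PasswordLastSet        = $user.PasswordLastSet
    }
    $details | Format-List | Out-Host

    if (-not $user.LockedOut) {
        Write-Warning "$($user.SamAccountName) is not locked out; nothing to do."
        return
    }
    if (-not $user.Enabled) {
        Write-Warning "$($user.SamAccountName) is disabled; unlocking will not restore access."
    }

    # ConfirmImpact 'High' prompts by default; -WhatIf shows the action only.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Unlock-ADAccount')) {
        Unlock-ADAccount -Identity $user
        # Read the state back to confirm the unlock took effect.
        (Get-ADUser -Identity $user -Properties LockedOut).LockedOut
    }
}

# Dry run against the account used in the command above.
Unlock-AccountWithReview -Identity 'Garyw' -WhatIf
```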
Get Ad User Distinguished Name
Get-AdUser -Identity "toms" | Select DistinguishedName
Get Ad User using userprincipalname
Use the Get-ADUser cmdlet to get a user's userprincipalname. The command below lists the members of the salesleader group and shows the name and userprincipalname of each.
Get-ADGroupmember -identity salesleader | % { get-aduser $_.samaccountname} | Select Name,UserPrincipalName
Get Ad User SID in the active directory
Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName
Modify the Property of the Group in the active directory
For example, to modify the Description property of a group, run the command below.
Set-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" -Description "Access Group" -Passthru
The above PowerShell script uses Set-ADGroup to set the description property using the Description parameter.
List all active directory groups
The PowerShell Get-ADGroup cmdlet gets a list of all Active Directory groups. Run the command below.
Get-ADGroup -Filter * -Properties Description | Select SAMAccountName, Description
List of all users in the AD group
The PowerShell Get-ADGroupMember cmdlet gets Active Directory group members. Run the command below.
Get-ADGroupMember -Identity "Shell_Sales" | Select-Object Name
Get all computers in Active Directory
The PowerShell Get-ADComputer cmdlet gets a list of Active Directory computers.
Get-ADComputer -Filter *
Local Computer Commands
Given below are local computer commands.
How many users are connected to the server locally / remotely
To check locally how many users are connected to the server, run the below command in the command prompt.
NET SESSION | FIND /C "\\"
To check remotely, run the below command.
PSEXEC \\servername NET SESSION | FIND /C "\\"
Find the last changed password of the user
Use the Net User command-line tool to find when the user's password was last set.
NET USER username /DOMAIN | FIND /I "Password last set"
Empty Recycle bin for D drive
Use the Clear-RecycleBin cmdlet to delete recycled content.
Clear-RecycleBin -force -driveletter D
Restart Print Spooler Service
Use the Restart-Service cmdlet to restart the print spooler service specified by the service name.
Restart-Service -Name Spooler
Conclusion
I hope the above article about helpful PowerShell scripts for help desk staff or system admins is useful to you in solving your day-to-day tasks.
Important Note: The above PowerShell scripts are for reference purposes and should be run cautiously. Make sure you understand and accept the risk when using get, modification, or delete related commands.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.