
Useful PowerShell Scripts for Help Desk

PowerShell has a powerful set of commands. System admins, service desk staff, help desk staff, and software developers use it to automate tasks and manage configuration with commands, scripts, and functions.

In this article, I will explain useful PowerShell scripts for help desk staff, covering the commands they need on a day-to-day basis to automate tasks or configuration.

As system admins or help desk staff, we have to check on a daily basis whether a user account is enabled or disabled, add users to Active Directory, assign folder permissions to users, and so on.

I have tried to collect useful PowerShell scripts for help desk and system admin staff in one place, to save a lot of time compared to searching for the right command or going through a GUI.

Often, help desk staff spend their time going through GUI (graphical user interface) applications to solve problems that can easily be solved with commands.

Let’s start with commonly useful scripts for help desk staff or system admins using PowerShell.

Active Directory Commands

In an organization, Active Directory helps you organize users, computers, groups, domains, and more.

System admins and help desk staff use Active Directory on a daily basis to organize users and computers, manage user permissions and remote computers, add or delete users, and more.

Below are commonly used PowerShell Active Directory scripts for help desk staff and system admins.

Add user to Active Directory

Let’s add the user Ian Richards to the SALES group in Active Directory using the Add-ADGroupMember cmdlet. The group name is specified by the Identity parameter, and the user name is specified by the Members parameter.

Add-ADGroupMember -Identity SALES -Members Ian.Richards

Set Ad User Properties

If you want to set Active Directory user properties, use the Set-ADUser cmdlet.

As an example, the command below sets the manager of an Active Directory user: Get-ADUser gets the user, and Set-ADUser sets the Manager property for that user.

Get-ADUser -Identity "toms" | Set-ADUser -Manager "JohnKelly"

Find Users or Computer which are expired

Use the Search-ADAccount cmdlet to find user, computer, or service accounts by status. The command below finds accounts that have expired.

Search-ADAccount -AccountExpired

Check if the user password expired

Search-ADAccount -PasswordExpired

Check if Users account is disabled

Search-ADAccount -AccountDisabled

Find all locked out accounts in the active directory

Search-ADAccount -LockedOut | FT Name,ObjectClass -A

Find the account inactive for the last 90 days

Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 | FT Name,ObjectClass -A
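The Search-ADAccount checks above can be combined into one triage report, shown here as an added example that is not part of the original article. Get-AccountTriage is a hypothetical helper and the account objects are constructed sample data with the property names Search-ADAccount returns; in a domain, pipe real Search-ADAccount output into the function instead.

```powershell
# Added example. Get-AccountTriage is a hypothetical helper, not an AD cmdlet.
function Get-AccountTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Account,
        [datetime] $Now = (Get-Date),
        [int] $InactiveDays = 90
    )
    process {
        $cutoff  = $Now.AddDays(-$InactiveDays)
        $reasons = @()
        if ($Account.LockedOut)       { $reasons += 'LockedOut' }
        if ($Account.PasswordExpired) { $reasons += 'PasswordExpired' }
        if ($Account.AccountExpirationDate -and $Account.AccountExpirationDate -lt $Now) {
            $reasons += 'AccountExpired'
        }
        # LastLogonDate is empty for accounts that have never logged on.
        if ((-not $Account.LastLogonDate) -or ($Account.LastLogonDate -lt $cutoff)) {
            $reasons += 'Inactive'
        }
        # Stale accounts that are still enabled are the ones worth a review.
        $stale  = ($reasons -contains 'Inactive') -or ($reasons -contains 'AccountExpired')
        $action = if (-not $Account.Enabled) { 'None (already disabled)' }
                  elseif ($stale)            { 'Review for disable' }
                  elseif ($reasons)          { 'Verify user, then reset or unlock' }
                  else                       { 'None' }
        [pscustomobject]@{
            Name    = $Account.Name
            Enabled = $Account.Enabled
            Reasons = $reasons -join ','
            Action  = $action
        }
    }
}

# Constructed sample accounts (not real directory data).
$now = [datetime]'2024-06-01'   # fixed date so the sample result is stable
$sample = @(
    [pscustomobject]@{ Name='sample.locked';     Enabled=$true;  LockedOut=$true;  PasswordExpired=$false; AccountExpirationDate=$null; LastLogonDate=[datetime]'2024-05-28' }
    [pscustomobject]@{ Name='sample.contractor'; Enabled=$true;  LockedOut=$false; PasswordExpired=$true;  AccountExpirationDate=[datetime]'2024-03-31'; LastLogonDate=[datetime]'2024-01-15' }
    [pscustomobject]@{ Name='sample.leaver';     Enabled=$false; LockedOut=$false; PasswordExpired=$true;  AccountExpirationDate=$null; LastLogonDate=[datetime]'2023-09-01' }
    [pscustomobject]@{ Name='sample.healthy';    Enabled=$true;  LockedOut=$false; PasswordExpired=$false; AccountExpirationDate=$null; LastLogonDate=[datetime]'2024-05-30' }
)
$sample | Get-AccountTriage -Now $now | Format-Table -AutoSize
```

With real data, replace `$sample` with, for example, `Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00 -UsersOnly`, which requires the ActiveDirectory module.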

Unlock User account

Unlock-ADaccount -identity "Garyw"

Get Ad User Distinguished Name

Get-AdUser -Identity "toms" | Select DistinguishedName

Get Ad User using userprincipalname

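Use the Get-ADGroupMember and Get-ADUser cmdlets to get the userprincipalname of users. The command below takes each member of the salesleader group, looks it up with Get-ADUser, and selects the Name and UserPrincipalName.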

Get-ADGroupmember -identity salesleader | % { get-aduser $_.samaccountname} | Select Name,UserPrincipalName

Get Ad User SID in the active directory

Get-AdUser -Identity toms | Select Name, SID, UserPrincipalName

Modify the Property of the Group in the active directory

Let’s consider an example that modifies the description property of a group. Run the command below.

Set-ADGroup -Server localhost:60000 -Identity "CN=AccessControl,DC=AppNC" -Description "Access Group" -Passthru

The above PowerShell script uses Set-AdGroup to set the description property using the Description parameter.

List all active directory groups

The Get-ADGroup cmdlet gets a list of all Active Directory groups. Run the command below.

Get-ADGroup -Filter * -Properties Description | Select-Object SamAccountName, Description

List of all users in the AD group

The Get-ADGroupMember cmdlet gets the members of an Active Directory group. Run the command below.

Get-ADGroupMember -Identity "Shell_Sales" | Select-Object Name

Get all computers in Active Directory

The Get-ADComputer cmdlet gets a list of Active Directory computers.

Get-ADComputer -Filter *

Local Computer Commands

Given below are local computer commands.

How many users are connected to the server locally / remotely

To check locally how many users are connected to the server, run the below command in the command prompt.


To check remotely, run the below command.

PSEXEC \\servername NET SESSION | FIND /C "\\"

Find the last changed password of the user

Use the NET USER command-line tool to find when the user's password was last set.

NET USER username /DOMAIN | FIND /I "Password last set"

Empty Recycle bin for D drive

Use the Clear-RecycleBin cmdlet to delete recycled content.

Clear-RecycleBin -force -driveletter D

Restart Print Spooler Service

Use the Restart-Service cmdlet to restart the print spooler service specified by the service name.

Restart-Service -Name Spooler


I hope the above article about helpful PowerShell scripts for help desk staff or system admins is useful to you in solving your day-to-day tasks.

Important Note: The above PowerShell scripts are for reference purposes and should be run with caution. Make sure you understand and accept the risk before using get, modification, or delete related commands.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.