New To Powershell?

6 minute read

Description:

A lot of times someone will say, ‘Hey Gerry I’m just now learning Powershell but I don’t know what I can test it on?’. Here is my common response:

To Resolve:

  1. Mainly: reddit.com/r/powershell. Specifically, follow this thread: https://www.reddit.com/r/PowerShell/comments/9c5vib/what_have_you_done_with_powershell_this_month/

  2. Examples:
    Well, do you hand type all your configs or do you generate them somehow? You can use PowerShell to generate your commands. Create a template like system where you pass in just what you need and it expands out the full commands.
    One of my favorites that I offer up for this request is to write a script that will pull event logs from all the systems that you manage and report on the 10 most common errors. Then for each of those, write a script for each that will detect\identify the root cause. Then write a script that will correct the root cause. Then repeat.
    Not only does that give an endless supply of tasks, you gain a very intimate understanding of your environments issues.
    Display some static text
    Display the current date/time
    Display some information about the local system
    Print the first input parameter
    Display every 5th number between two given numbers
    Check if a file exists
    Check if that file contains a line with specific text
    Add a new line to the text file
    Output the above items in JSON format
    Query all servers to get the version of AntiVirus and the last time it was updated.
    Logon script that adds, removes, and sets default printers based on AD Groups.
    Reset AD Password to random generated password and emails it to the user.
    Automatically disable any AD account that has not been used in 90 days.
    Query all servers for any services or application pools running under a domain admin account.
    Check all services on servers with a startup type of Automatic and start any that have stopped.
    Delete any snapshots on AWS that are over 14 days old.
    Optimize a Virtual Desktop gold image in a single command.
    Dynamically create and update a HTML page for an employee directory complete with picture, name, extension, and email.
    password expiry notifications for users and create reporting for you or anyone dealing with AD in any way
    user and group membership,
    mailbox statistics with ActiveSync devices usage,
    audit of file shares,
    service accounts),
    cleanup jobs (unused computer accounts, DNS records, ActiveSync devices)
    resetting permissions on userhome folders.
    fixing corrupted permissions on several other folders.
    What if your company acquires a another company and you need to mass import users?
    Mass importing/exporting contacts to/from Exchange.
    Emergency push of an update to multiple computers.
    Audit folder and file permissions etc.
    We had to migrate a few thousand users from physical PCs to a VDI environment. I wrote a PowerShell script to:
    Backup the users’ PC
    Reimage the users’ PC as a pseudo thin client & move to new OU
    Move the users’ personal drive to a new server
    Tidy up the users’ folder structure
    Move the users’ account to a new OU
    Set a bunch of user settings
    Unlock accounts
    Get mailbox status reports by user
    Find and fix users who don’t have quotas set or override default quota
    Find out which users are not syncing mobile email on their phone that are required to.
    Report on and fix accounts with things like password never expires.
    Verify, add, or uninstall specific hotfixes against servers.
    Expired password and/or locked password account reports.
    Generate reports of servers/workstations which are low on disk space.
    Find and remove old user profiles regularly from workstations and servers.
    Scan and force workstations reboots if they haven’t rebooted in a week.
    Report on AD group membership changes for key groups.
    Find accounts which haven’t logged on in X days and remove/disable/expire them (usually vendors or contractors)
    Report on changes to AD OU objects.
    Run cleanup scripts against remote workstations to make sure no users (or only allowed users) in local admin or power user groups. Report any anomalies.
    email users to tell them they have to change their passwords. The script also sends me a report so if I know if somebody is going to get locked out, I can stop it before it happens.
    upload old files to aws and send me a report.
    delete old files.
    run and distribute an excel report to the sales team.
    Set expiry for user accounts, with PS you can set it to the minute instead of just the end of the day.
    Check for and remove email forwarding rules when staff leave
    NTFS permissions reports ( they get gussied up in excel)
    Setting exchange mailbox permissions
    Checking for locked users, unlocking them
    Reporting on user mailbox sizes
    Reporting the devices users have connected with through activesync
    Anything you do in ADUC, do it in powershell instead. Start with a basic command, then build on it. If your scripts are always using hard coded variables, change them to take arguments. Then work on error handling and throw in some output logging. The http://powershellcookbook.com is a pretty good investment.
    This is what I did. It was the easiest way for me to learn. I use Get-ADUser, Add-ADGroupMember, and Get-ADPrincipalGroupMembership all the time.
    It’s also a great tool to use if you need to remove X security group from Y number of users or any other kind of batch operation.
    A script that automates the process of setting up a loaner laptop (clears profiles, runs some updates, etc).
    A script that runs a network speed test on a machine using iPerf and outputs results + other network information to a Cisco Webex Teams chat channel for viewing, mainly used to verify network connectivity on new computer setups.
    A script that filters an Excel spreadsheet containing print job history to see what printers are being used most often as well as what users are printing to them.
    A script to re-create the assigned ports for printers on our old print server that were set up to use WSD ports – it assigns a TCP/IP port using the IP address gathered from the WSD port configuration.
    Various other small one-off scripts to automate manual data evaluation that would otherwise take a significant amount of time.
    A suite of installation scripts for my PowerShell profile/dev environment.
    Resetting AD passwords and sending temporary password and instructions
    AD user account creation and provisioning based on data from our HR system’s API
    Terminations – disabling AD User, converting mailbox to shared in O365 and recovering license, setting autoresponse on their email
    Non-domain-joined computer setup (we inherit PCs often)
    Migrating mailboxes to Office 365
    Reporting Hyper-V Replication status
    Auditing inconsistencies, such as comparing our HR data to AD attributes
    A script that automates the process of setting up a loaner laptop (clears profiles, runs some updates, etc).
    A script that runs a network speed test on a machine using iPerf and outputs results + other network information to a Cisco Webex Teams chat channel for viewing, mainly used to verify network connectivity on new computer setups.
    A script that filters an Excel spreadsheet containing print job history to see what printers are being used most often as well as what users are printing to them.
    A script to re-create the assigned ports for printers on our old print server that were set up to use WSD ports – it assigns a TCP/IP port using the IP address gathered from the WSD port configuration.
    Various other small one-off scripts to automate manual data evaluation that would otherwise take a significant amount of time.

The list is virtually unlimited.. Powershell can have a Windows system do just about anything. Be sure to check out my Github for any scripts that may be useful in your environment!