New To Powershell?

6 minute read

Description:

A lot of times someone will say, ‘Hey Gerry I’m just now learning Powershell but I don’t know what I can test it on?’. Here is my common response:

To Resolve:

  1. Mainly: reddit.com/r/powershell

Specifically, follow this thread:
https://www.reddit.com/r/PowerShell/comments/9c5vib/what_have_you_done_with_powershell_this_month/

Examples:
Well, do you hand type all your configs or do you generate them somehow? You can use PowerShell to generate your commands. Create a template like system where you pass in just what you need and it expands out the full commands.
One of my favorites that I offer up for this request is to write a script that will pull event logs from all the systems that you manage and report on the 10 most common errors. Then for each of those, write a script for each that will detect\identify the root cause. Then write a script that will correct the root cause. Then repeat.
Not only does that give an endless supply of tasks, you gain a very intimate understanding of your environments issues.
Display some static text
Display the current date/time
Display some information about the local system
Print the first input parameter
Display every 5th number between two given numbers
Check if a file exists
Check if that file contains a line with specific text
Add a new line to the text file
Output the above items in JSON format
Query all servers to get the version of AntiVirus and the last time it was updated.
Logon script that adds, removes, and sets default printers based on AD Groups.
Reset AD Password to random generated password and emails it to the user.
Automatically disable any AD account that has not been used in 90 days.
Query all servers for any services or application pools running under a domain admin account.
Check all services on servers with a startup type of Automatic and start any that have stopped.
Delete any snapshots on AWS that are over 14 days old.
Optimize a Virtual Desktop gold image in a single command.
Dynamically create and update a HTML page for an employee directory complete with picture, name, extension, and email.
password expiry notifications for users and create reporting for you or anyone dealing with AD in any way
user and group membership,
mailbox statistics with ActiveSync devices usage,
audit of file shares,
service accounts),
cleanup jobs (unused computer accounts, DNS records, ActiveSync devices)
resetting permissions on userhome folders.
fixing corrupted permissions on several other folders.
What if your company acquires a another company and you need to mass import users?
Mass importing/exporting contacts to/from Exchange.
Emergency push of an update to multiple computers.
Audit folder and file permissions etc.
We had to migrate a few thousand users from physical PCs to a VDI environment. I wrote a PowerShell script to:
Backup the users’ PC
Reimage the users’ PC as a pseudo thin client & move to new OU
Move the users’ personal drive to a new server
Tidy up the users’ folder structure
Move the users’ account to a new OU
Set a bunch of user settings
Unlock accounts
Get mailbox status reports by user
Find and fix users who don’t have quotas set or override default quota
Find out which users are not syncing mobile email on their phone that are required to.
Report on and fix accounts with things like password never expires.
Verify, add, or uninstall specific hotfixes against servers.
Expired password and/or locked password account reports.
Generate reports of servers/workstations which are low on disk space.
Find and remove old user profiles regularly from workstations and servers.
Scan and force workstations reboots if they haven’t rebooted in a week.
Report on AD group membership changes for key groups.
Find accounts which haven’t logged on in X days and remove/disable/expire them (usually vendors or contractors)
Report on changes to AD OU objects.
Run cleanup scripts against remote workstations to make sure no users (or only allowed users) in local admin or power user groups. Report any anomalies.
email users to tell them they have to change their passwords. The script also sends me a report so if I know if somebody is going to get locked out, I can stop it before it happens.
upload old files to aws and send me a report.
delete old files.
run and distribute an excel report to the sales team.
Set expiry for user accounts, with PS you can set it to the minute instead of just the end of the day.
Check for and remove email forwarding rules when staff leave
NTFS permissions reports ( they get gussied up in excel)
Setting exchange mailbox permissions
Checking for locked users, unlocking them
Reporting on user mailbox sizes
Reporting the devices users have connected with through activesync
Anything you do in ADUC, do it in powershell instead. Start with a basic command, then build on it. If your scripts are always using hard coded variables, change them to take arguments. Then work on error handling and throw in some output logging. The http://powershellcookbook.com is a pretty good investment.
This is what I did. It was the easiest way for me to learn. I use Get-ADUser, Add-ADGroupMember, and Get-ADPrincipalGroupMembership all the time.
It’s also a great tool to use if you need to remove X security group from Y number of users or any other kind of batch operation.
A script that automates the process of setting up a loaner laptop (clears profiles, runs some updates, etc).
A script that runs a network speed test on a machine using iPerf and outputs results + other network information to a Cisco Webex Teams chat channel for viewing, mainly used to verify network connectivity on new computer setups.
A script that filters an Excel spreadsheet containing print job history to see what printers are being used most often as well as what users are printing to them.
A script to re-create the assigned ports for printers on our old print server that were set up to use WSD ports – it assigns a TCP/IP port using the IP address gathered from the WSD port configuration.
Various other small one-off scripts to automate manual data evaluation that would otherwise take a significant amount of time.
A suite of installation scripts for my PowerShell profile/dev environment.
Resetting AD passwords and sending temporary password and instructions
AD user account creation and provisioning based on data from our HR system’s API
Terminations – disabling AD User, converting mailbox to shared in O365 and recovering license, setting autoresponse on their email
Non-domain-joined computer setup (we inherit PCs often)
Migrating mailboxes to Office 365
Reporting Hyper-V Replication status
Auditing inconsistencies, such as comparing our HR data to AD attributes
A script that automates the process of setting up a loaner laptop (clears profiles, runs some updates, etc).
A script that runs a network speed test on a machine using iPerf and outputs results + other network information to a Cisco Webex Teams chat channel for viewing, mainly used to verify network connectivity on new computer setups.
A script that filters an Excel spreadsheet containing print job history to see what printers are being used most often as well as what users are printing to them.
A script to re-create the assigned ports for printers on our old print server that were set up to use WSD ports – it assigns a TCP/IP port using the IP address gathered from the WSD port configuration.
Various other small one-off scripts to automate manual data evaluation that would otherwise take a significant amount of time.

The list is virtually unlimited.. Powershell can have a Windows system do just about anything. Be sure to check out my Github for any scripts that may be useful in your environment!