Monday, June 22, 2015

PowerShell Triage for System Administrators

I've been working as a System Administrator for a university for several months now, and I've finally dipped my feet into the well-maintained pool of PowerShell.

Thanks to Powershell's intuitive design and architecture, I've been able to quickly develop a few basic tools that have really increased my productivity and made life a lot easier.

The "triage" of cmdlets that I've compiled are for managing user accounts without having to deal with Active Directory's cumbersome GUI. Both Ldapsearch and Reset have a -h argument to display additional options when running. I suggest that the simplest method for accessing these simply is to create a PowerShell profile that automatically sets aliases to these scripts when a shell is opened.

Test Credentials.ps1 is a simple call to ask for user credentials on the current domain. A popup window is presented to the user, and a verification is sent to the console after a logon attempt.

LdapSearch.ps1 is a ploy off the wonderful Linux-based Ldapsearch function. It takes multiple parameters and will let you search users or computers. The nice thing about this is that it will give you the DN of all searched objects, instead of having to deal with the (lack of) Active Directory display for this attribute.

Reset.ps1 is really the meat and potatoes of this triage. Reset will essentially handle calling both the above tasks, as well as perform password resets, account unlocks, and expiration date changes. Reset.ps1 handles multiple arguments and has built-in checks for any errors pertaining to a specified user account.

In Action: