Community Pick: Many members of our community have endorsed this article.
Editor's Choice: This article has been selected by our editors as an exceptional contribution.

PowerShell: Where do I start?

Dale HarrisSenior Customer Success Engineer
Published:
Updated:
This article is intended to be a 2 part Primer to get someone up and running quickly and efficiently in Powershell, but also including small useful tips that you might not find elsewhere.  

One of the things I see often is people starting out using Powershell, and not realizing what’s out there to help.  My main job is to manage both Servers and Users in our domain.  If you manage Servers and Users for a living, this article might just make your life a whole lot easier.

If you haven't read the article: https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_3296-The-Absolute-Beginner's-Guide-to-Powershell.html you should before continuing on with this one.  It's a great basic explanation of the structure of Powershell and will guide you well in your journey to becoming proficient with Powershell.

Powershell Part 1:
You’ve downloaded Powershell, and set the execution policy to unrestricted.  Now what?  You will need to get a few prerequisites installed to make your job easier: Quest AD CMDlets from www.quest.com and if you’re running an Exchange 2007 or 2010 environment, you’re going to want to install the Exchange Management console on your work computer.  The goal is to never have to remote into any servers to get any management done.  You can do it all from your workstation.

Powershell Part 2:
You’ve installed all of the pre-requisites and you’re wanting to help out your team by being there in a flash to help them out.  Here are some things you can work on developing that are fairly easy:
An administration script to manage users and do simple functions like unlock accounts, reset passwords, and check on an account to see if it’s been created yet
A script to create a user in Powershell while putting a static value in for everything that doesn’t change from user to user like logon scripts, expiration date, and default password
A startup script
Let me go in detail with some examples and why they are important:

Administration Script
When a user walks into your office or calls you up on the phone, they want to be fixed quickly, efficiently, and most importantly correctly.  How often have you reset someone’s password to the wrong password and had to reset it again causing more work?  How often have you fumbled to bring up Active Directory Users and Computers, Right-Clicked on the domain, hit find, put in the user’s name, and finally realize that the user isn’t locked out and they’ve been staring at you the entire time while you were wasting theirs?  

This can all be alleviated by an administration script.  Which also ties into the Startup script.

Your first script that runs on Powershell is actually a file called “Microsoft.Powershell_profile.ps1” if it is available to your profile.  All you need to do is create a folder in your “my documents” folder called WindowsPowershell, and then create a text file in that folder with the name above.

This script is your lifeblood.  It sets up the playing field evenly between the members of your team and allows everyone to fix things quickly and efficiently.  The first thing they should be reaching for is that toolkit with the ability to unlock that user.  I recommend leaving the Admin script up in the background when you’re using your computer ready and waiting for your commands.

Recommended: Create startup script that installs the Quest Active Directory CMDLets and installs the Exchange Management Console.  Lastly, the admin script is ran.
#Leave any comments with the # sign
                      #Install Quest Active Directory CMDLets
                      Write-Host “Installing Quest Active Directory Tools.  Please wait…”
                      Add-PSSnapin Quest.ActiveRoles.ADManagement
                      Write-Host “Installing Exchange Management Tools.  Please wait…”
                      Add-PSSnapin Microsoft.Exchange.Management.Powershell.Admin
                      #Next line is to change directory to your scripts folder.  Recommend C:\Scripts
                      CD C:\Scripts
                      #Next line is to run your Admin script
                      .\Admin.ps1

Open in new window


First Admin Tool: Unlock User Account
The first script I made ever in Powershell for our domain was to create a new user.  The second script I created was an unlocking script.  I then refined it and created a pretty simple script that is very effective.
#This script unlocks a users account with the credentials of the user logged in
                      $name = Read-Host "Account Username or last name"
                      if ($Name.contains(".")) #Most user accounts are first.last
                      {
                      Unlock-QADUser "DOMAIN\$name"
                      }
                      else
                      {
                      $LastNameMatches = get-qaduser $Name
                      if ($LastNameMatches -eq $null){
                      Write-Host "No Matches Found!"
                      $Pause = Read-Host "Press Enter to Continue..."
                      .\admin
                      }
                      else
                      {
                      	if ($LastNameMatches.count -gt "1"){
                      	Write-Host "Matches found:"
                      	$counter = [int]0
                      	foreach ($Name in $LastNameMatches){
                      		$Description = $name.description
                      		$UnlockStatus = $Name.accountislockedout
                      		Write-Host "$counter : $Name - $Description - Locked Out: $UnlockStatus"
                      		$counter++
                      	} #End FOREACH
                      	$Selection = Read-Host "Select a user by number only"
                      	$user = $lastnamematches[$selection]
                      	unlock-qaduser $user
                      	Write-Host "Unlocked $User"
                      	}
                      	else
                      	{
                      	unlock-qaduser $LastNameMatches
                      	Write-Host "Unlocked $LastNameMatches"
                      	}#end if
                      
                      	} #end if
                      
                      }#end if
                      
                      $Pause = Read-Host "Press Enter to Continue..."
                      .\admin

Open in new window


You can do the same thing for a reset password script or a Disable/Enable User script.

Here's the code that I've written for my Admin Script:
Clear-Host	
                      
                      Do  #Ensures user has input a proper value
                      {
                      "Welcome to the Account Administration Script"
                      Write-Host "Pick from the following options" -foreground "yellow"
                      ""
                      "1. Create New Account" 
                      "2. Unlock Account"
                      "3. Reset Account Password"
                      "4. Enable/Disable Account"
                      "5. Account Status"
                      
                      ""
                      [int]$strChoice = Read-Host "Enter Choice(1-5)"
                      	if ($strChoice -eq ""){$strChoice = 1}
                      } #end do for Description
                      
                      While (($strChoice -lt 1) -or ($strChoice -gt 5))#-gt means Greater Than as opposed to '>' symbol
                      ""
                      ""
                      #Depending on what user inputs, chooses the proper assignment of variable
                          Switch ($strChoice) 
                              { 
                                  1 {.\accounts.ps1}
                                  2 {.\Unlock.ps1}
                                  3 {.\ResetPW.ps1}
                                  4 {.\EnableAccount.ps1}
                                  5 {.\StatusAccount.ps1}
                                  Default {.\Accounts.ps1}
                              } #end Switch Statement

Open in new window


We live in the time of Google, so I’m not really doing anything but putting all the information into one place up until this point in this article.

Lastly, there is something that I’ve cooked up that I haven’t seen from anyone yet.  I created the system because we had issues when someone would update a script, not everyone would get the update due to various reasons.  Not everyone on your team codes Powershell.  They don’t know how to troubleshoot error codes like you do.  They don’t know how to go into the script and make the necessary changes.  When you make changes to your scripts, sometimes it’s not just updating the menu.  Sometimes your OU structures get changed and your scripts have to be changed accordingly.  Sometimes you get a stoke of genius at midnight and feel compelled to create a new script and add it to your admin toolbox, but no one else has the time to add their new code to their admin toolbox or add the new script to their own computer.  Maybe you create a better startup script and want to give that to your teammates to help them stay ahead of the customer.  Whatever your reasons, it’s always important to have a way of updating scripts for other people.  

Since I’m the only Powershell guy on my team, I’m forced to either send an email out with simple instructions or manually remote into their C:\ drive and replace it on their computer.  It’s not as quick and easy as a script, that’s for sure.

If you are interested in how to update your scripts across multiple machines and team members, the article is now published and ready to view.  It's geared towards those that are more familiar with Powershell, but can be implemented by anyone.  If you liked this article, be sure and recommend it to others and mark it as helpful.  If you're trying to implement this into your environment and are having any issues, please feel free to comment on this article.
10
10,228 Views
Dale HarrisSenior Customer Success Engineer

Comments (4)

Commented:
I did not see a powershell console in Winodws 7, can you direct me to where it is?
Dale HarrisSenior Customer Success Engineer

Author

Commented:
If you have Powershell installed on your computer, when you bring up the Run Box and type in Powershell, it will load it.

Also, if you have indexing turned on, you can type in Powershell in your start menu search bar, and it should bring it up.

This article is just one step past the article listed above:
https://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/A_3296-The-Absolute-Beginner's-Guide-to-Powershell.html

If you're just starting out, you should definitely read that article first.

Thanks for reading this article!

Dale Harris
Dale very nice article.  It is very useful and takes a real world approach to getting started really using powershell to make your life easier.  I like these scripts because they are written so that anyone on your team including those not familiar with powershell can easily run them.  Keep this kind of stuff coming.  As I move closer to my Master status here at EE I will gladly share similar tools as I develop them.
Dale HarrisSenior Customer Success Engineer

Author

Commented:
Ryan,

Thanks for the comments.  I do hope you achieve your Master status quickly and you should absolutely share with us what you've cooked up for your environment!

-Dale

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.