Windows PowerShell for System Admins

Script to take a username and move to a Disabled Users OU and Disable the Account

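# Name (the AD "Name" attribute) of the user to disable and move to the
# Disabled Users OU.
$username = "John Doe"

# Destination OU. The original path had an empty component (",,"), which is
# not a valid distinguished name. Set this to the real OU path in your domain.
$disabledOu = "OU=Disabled User Accounts,DC=contoso,DC=local"

# Resolve the account. Name is only unique within a container, not across the
# whole domain, so refuse to continue unless exactly one account matched;
# otherwise the wrong account (or several) could be disabled.
$matched = @(Get-ADUser -Filter 'Name -eq $username')
if ($matched.Count -ne 1) {
    throw "Expected exactly one user named '$username', found $($matched.Count)."
}

# Distinguished name of the account, used by both steps below.
$system = $matched[0].DistinguishedName

# Disable the account first. The distinguished name changes once the object is
# moved, so disabling by the old DN after the move would fail and leave the
# account enabled. Disabling first also cuts access even if the move fails.
Disable-ADAccount -Identity $system

# Then move the (now disabled) account to the disabled OU.
Move-ADObject -Identity $system -TargetPath $disabledOu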

Script to look for computers that have not logged in for a year, move them to the disabled OU and disable the computer accounts

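# Cutoff: computers whose last recorded logon is at or before this date are
# treated as stale.
$oldstuff = (Get-Date).AddDays(-365)

# Collect the distinguished names of stale computer accounts.
# LastLogonDate comes from the replicated lastLogonTimestamp attribute, which
# is only updated periodically, so it can lag the real last logon by up to
# about two weeks with default settings. That is harmless at a one-year cutoff.
# NOTE(review): accounts that have never logged on have no LastLogonDate; an
# empty value appears to satisfy -le as well, so freshly created or pre-staged
# computers would be included. Confirm, and review $ADComps before acting.
# The search base is the whole domain, so it also covers machines already in
# the disabled OU.
$ADComps = Get-ADComputer -Filter * -SearchBase "DC=contoso,dc=local" -Properties LastLogonDate |
    Where-Object { $_.LastLogonDate -le $oldstuff } |
    Select-Object -ExpandProperty DistinguishedName

# For a dry run, append -WhatIf to both cmdlets below.
ForEach ($system in $ADComps)
{
    # Disable before moving. The distinguished name changes when the object is
    # moved, so disabling by the old DN after the move would fail and leave
    # the account enabled.
    Disable-ADAccount -Identity $system
    Move-ADObject -Identity "$system" -TargetPath "OU=Disabled Computers,OU=Cemco,DC=contoso,DC=local"
}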

Check if AD user is enabled

# Ask for the Name attribute of the account to look up.
$user = Read-Host -Prompt "Enter User to check status: "

# Show whether the account is enabled and when it last logged on.
# LastLogon is the raw value held by the domain controller that answers the
# query (it is not replicated between DCs). LastLogonDate is the replicated,
# approximate value and is usually the one to read.
Get-ADUser -Filter 'Name -eq $user' -Properties LastLogon, LastLogonDate |
    Select-Object -Property Name, LastLogon, Enabled, LastLogonDate

Check for Old Computers

# Cutoff: 90 days before now.
$dte = Get-Date
$past = $dte.AddDays(-90)

# List enabled computer accounts whose last recorded logon is at or before the
# cutoff. These are candidates for review, since stale enabled accounts are
# unneeded attack surface.
# NOTE(review): accounts with no LastLogonDate (never logged on) appear to pass
# the -le test too; confirm before acting on the list.
Get-ADComputer -Filter "Enabled -eq 'True'" -Properties LastLogonDate, LastLogon, OperatingSystemVersion |
    Where-Object { $_.LastLogonDate -le $past } |
    Select-Object -Property Name, LastLogonDate, LastLogon, OperatingSystemVersion

Check for Old Enabled AD Users

# Cutoff: 90 days before now.
$dte = Get-Date
$past = $dte.AddDays(-90)

# List enabled user accounts whose last recorded logon is at or before the
# cutoff. Dormant enabled accounts are worth reviewing and disabling.
# NOTE(review): accounts with no LastLogonDate (never logged on) appear to pass
# the -le test too; service accounts may also show up here. Confirm before
# acting on the list.
Get-ADUser -Filter "Enabled -eq 'True'" -Properties LastLogonDate |
    Where-Object { $_.LastLogonDate -le $past } |
    Select-Object -Property Name, LastLogonDate

Check Version of Windows 10 in AD

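# List enabled computers that report OS version 10.0 together with their build.
# "10.0*" matches every OS that reports version 10.0, i.e. Windows 10 but also
# Windows 11 and Windows Server 2016 and later. OperatingSystem is included so
# the rows can be told apart.
# Out-GridView emits nothing without -PassThru, so assigning its output left
# $ADSystem empty. The results are stored first and then displayed.
$ADSystem = Get-ADComputer -Filter "Enabled -eq 'True'" -Properties LastLogonDate, LastLogon, OperatingSystem, OperatingSystemVersion |
    Where-Object { $_.OperatingSystemVersion -like "10.0*" } |
    Select-Object -Property Name, LastLogonDate, LastLogon, OperatingSystem, OperatingSystemVersion, DistinguishedName

$ADSystem | Out-GridView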

Find old files and calculate size

# Everything under F:\ whose last write time is more than 1825 days
# (about five years) ago.
# Folders the running account cannot read raise errors and are skipped, so the
# total only covers what that account can see.
$cutoff = (Get-Date).AddDays(-1825)
$files = Get-ChildItem -Path "F:\" -Recurse |
    Where-Object { $_.LastWriteTime -lt $cutoff }

# Combined size of those items, in GB.
$totalSize = ($files | Measure-Object -Property Length -Sum).Sum / 1GB
$totalSize

Find files that exceed max name length

# Write one "length : full path" line for every item under F:\ whose full path
# is longer than 260 characters.
# The output file has a .csv extension but the lines are not comma-separated.
# NOTE(review): without long-path support, enumeration itself may error on
# over-long paths, so the list can be incomplete; confirm on the target host.
Get-ChildItem -Path "F:\" -Recurse |
    Where-Object { $_.FullName.Length -gt 260 } |
    ForEach-Object { "{0} : {1}" -f $_.FullName.Length, $_.FullName } |
    Out-File -FilePath c:\longfile.csv

Find users with old passwords


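# Cutoff: one year before now.
$oldstuff = (Get-Date).AddDays(-365)

# Enabled users under the Company OU whose password was last set AND whose
# last recorded logon are both at or before the cutoff. PasswordNeverExpires is
# shown so accounts exempt from password expiry stand out.
# NOTE(review): empty PasswordLastSet / LastLogonDate values appear to satisfy
# -le as well, so accounts that never set a password or never logged on would
# be listed too; confirm.
# Out-GridView emits nothing without -PassThru, so assigning its output left
# $ADUsr empty. The results are stored first and then displayed.
$ADUsr = Get-ADUser -Filter "Enabled -eq 'True'" -SearchBase "OU=Company,DC=contoso,DC=local" -Properties LastLogonDate, PasswordLastSet, PasswordNeverExpires |
    Where-Object { ($_.PasswordLastSet -le $oldstuff) -and ($_.LastLogonDate -le $oldstuff) } |
    Select-Object -Property Name, LastLogonDate, PasswordLastSet, PasswordNeverExpires

$ADUsr | Out-GridView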

Find old files and move to new location

# Move items in the Downloads folder that were last written more than 30 days
# ago. Only the top level is examined (no -Recurse); an old subfolder is moved
# as a whole.
# The destination looks like a OneDrive-synced folder, so anything moved there
# will presumably be uploaded. Check that this is acceptable for the files.
$cutoff = (Get-Date).AddDays(-30)
Get-ChildItem -Path "C:\Users\jdoe\Downloads" |
    Where-Object { $_.LastWriteTime -lt $cutoff } |
    Move-Item -Destination "C:\Users\jdoe\OneDrive - Contoso\Documents\test"

Find status of MFA for Azure AD Users

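# Report the per-user MFA state and default method for every non-guest account.
# Caveats for reading the result:
#  - Only the per-user MFA setting is read. Accounts that get MFA through
#    Conditional Access or security defaults still show as "Not Enabled" here.
#  - The MSOnline module (Get-MsolUser) is deprecated by Microsoft in favour of
#    Microsoft Graph PowerShell.
#  - The CSV holds phone numbers and each account's MFA posture. Keep it in a
#    location with restricted access and delete it when done.
Write-Host "Finding Azure Active Directory Accounts..."
$Users = Get-MsolUser -All | Where-Object { $_.UserType -ne "Guest" }
$Report = [System.Collections.Generic.List[Object]]::new() # In-memory list of report rows
Write-Host "Processing" $Users.Count "accounts..."
ForEach ($User in $Users) {
    $MFAEnforced = $User.StrongAuthenticationRequirements.State
    $MFAPhone = $User.StrongAuthenticationUserDetails.PhoneNumber
    $DefaultMFAMethod = ($User.StrongAuthenticationMethods | Where-Object { $_.IsDefault -eq "True" }).MethodType

    If (($MFAEnforced -eq "Enforced") -or ($MFAEnforced -eq "Enabled")) {
        # Reset on every pass. Previously a user with no default method, or
        # with a method not listed below, silently inherited the previous
        # user's value, which made the report wrong for that row.
        $MethodUsed = "No default method registered"
        If ($DefaultMFAMethod) {
            Switch ($DefaultMFAMethod) {
                "OneWaySMS" { $MethodUsed = "One-way SMS" }
                "TwoWayVoiceMobile" { $MethodUsed = "Phone call verification" }
                "PhoneAppOTP" { $MethodUsed = "Hardware token or authenticator app" }
                "PhoneAppNotification" { $MethodUsed = "Authenticator app" }
                Default { $MethodUsed = "Other ($DefaultMFAMethod)" }
            }
        }
    }
    Else {
        $MFAEnforced = "Not Enabled"
        $MethodUsed = "MFA Not Used"
    }

    $ReportLine = [PSCustomObject] @{
        User        = $User.UserPrincipalName
        Name        = $User.DisplayName
        MFAUsed     = $MFAEnforced
        MFAMethod   = $MethodUsed
        PhoneNumber = $MFAPhone
    }

    $Report.Add($ReportLine)
}

$Report | Select-Object User, Name, MFAUsed, MFAMethod, PhoneNumber | Sort-Object Name | Out-GridView

# Export first and announce afterwards, so the message is not printed when the
# export fails (for example because c:\temp does not exist).
$Report | Sort-Object Name | Export-CSV -NoTypeInformation -Encoding UTF8 c:\temp\MFAUsers.csv
Write-Host "Report is in c:\temp\MFAUsers.CSV"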