Skip to main content
< All Topics
Print

Top System Administrator Tips + Scripts

Posted
Updated
Bychris_fry

1. πŸ” Enforce Strong Password Policies (AD)

Weak passwords = biggest risk.

Tip: Regularly audit password settings and enforce complexity.

Import-Module ActiveDirectoryGet-ADDefaultDomainPasswordPolicy | Select-Object *

πŸ‘‰ Pro move: Alert if policy drifts from standard

$policy = Get-ADDefaultDomainPasswordPolicyif ($policy.MinPasswordLength -lt 14) {
    Write-Warning "Password length is below recommended standard!"
}

2. πŸ‘€ Find Inactive Users (Security + Licensing Savings)

Tip: Disable stale accounts after 60–90 days.

$days = 90
$date = (Get-Date).AddDays(-$days)Search-ADAccount -AccountInactive -UsersOnly -TimeSpan $days.00:00:00 |
Select Name, LastLogonDate

πŸ‘‰ Disable them:

Search-ADAccount -AccountInactive -UsersOnly -TimeSpan $days.00:00:00 |
Disable-ADAccount

3. πŸ’» Monitor Disk Space Across Servers

Tip: Prevent outages before they happen.

$servers = @("Server1","Server2")foreach ($server in $servers) {
    Get-WmiObject Win32_LogicalDisk -ComputerName $server -Filter "DriveType=3" |
    Select-Object @{Name="Server";Expression={$server}},
                  DeviceID,
                  @{Name="FreeGB";Expression={[math]::round($_.FreeSpace/1GB,2)}}
}

4. πŸ“¦ Automate Software Inventory

Tip: Know what’s installed everywhere.

$computers = Get-ADComputer -Filter * | Select -Expand Nameforeach ($computer in $computers) {
    Get-WmiObject -Class Win32_Product -ComputerName $computer |
    Select PSComputerName, Name, Version
}

⚠️ Note: Win32_Product is slowβ€”use registry for large environments.

5. πŸ”„ Restart Critical Services Automatically

Tip: Auto-heal common outages.

$service = "Spooler"if ((Get-Service $service).Status -ne "Running") {
    Restart-Service $service
    Write-Output "$service restarted"
}

6. πŸ“Š Daily Health Check Report (Email)

Tip: Know your environment before users do.

$servers = @("Server1","Server2")
$report = foreach ($server in $servers) {
    Get-Service -ComputerName $server |
    Where-Object {$_.Status -ne "Running"} |
    Select PSComputerName, Name, Status
}$report | Out-File "C:\Reports\DailyHealth.txt"

πŸ‘‰ Pair with scheduled task + email send

7. πŸ” Audit Admin Group Membership

Tip: Detect privilege creep.

Get-ADGroupMember "Domain Admins" |
Select Name, SamAccountName

πŸ‘‰ Export for auditing:

Get-ADGroupMember "Domain Admins" |
Export-Csv "C:\Audit\DomainAdmins.csv" -NoTypeInformation

8. 🧹 Clean Temp Files Automatically

Tip: Reclaim space and improve performance.

$path = "C:\Windows\Temp\*"Get-ChildItem $path -Recurse -Force -ErrorAction SilentlyContinue |
Remove-Item -Force -Recurse -ErrorAction SilentlyContinue

9. 🌐 Test Connectivity to Critical Systems

Tip: Monitor dependencies (DCs, apps, internet)

$targets = @("8.8.8.8","yourdomain.com","Server1")foreach ($target in $targets) {
    Test-Connection -ComputerName $target -Count 2 -Quiet
}

10. 🧾 Bulk User Creation from CSV

Tip: Save hours during onboarding.

Import-Csv "C:\users.csv" | ForEach-Object {
    New-ADUser `
        -Name $_.Name `
        -GivenName $_.FirstName `
        -Surname $_.LastName `
        -SamAccountName $_.Username `
        -UserPrincipalName "$($_.Username)@domain.com" `
        -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -Force) `
        -Enabled $true
}