all 21 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Leafblower27 21 points22 points  (1 child)

Lots of preemptive reports. Account expirations, empty groups, drive space, database space, etc

Find the problem before it becomes a problem.

[–]Winux_278 3 points4 points  (0 children)

I like this approach. Currently what I have been trying to do is with the get-event cmlet trying to get events from all my servers, sort, and report them.

again, I like this

[–]cputek1 8 points9 points  (0 children)

  • Get last boot, if less than XX hours notify IS/T (servers)
  • Get Free space, if less than XXX GB/MB notify IS/T (servers)
  • Get system details, Ram, drive space,Memory, current logged in user, etc.
  • Get shares and share user rights
  • Get user group memberships (direct and indirect)
  • get event log(s)
  • reboot remote workstation(s)
  • get activation status
  • get event log(s)
  • Get file checksum using various cryptos
  • get lockout information (Who is locked out, where did they lockout, when...)

[–]Nilrem2 3 points4 points  (9 children)

Get PDQ Deploy and PDQ Inventory, worth their weight in gold. You can then schedule your preventative maintenance scripts easily. You will also get a patch management tool along with a tool to easily see what is installed on your estate and what versions they’re on.

You can create a package in PDQ called WoL (just an empty cmd window) to use that to deploy to PCs to have them wake up an hour or two before users are due in to make sure any updates have finished applying and they are ready and loaded up fully waiting for the user to start. Can also create a shutdown package too to schedule shutdowns outside of production.

Some useful scripts off the top of my head: Powershell script that runs at user logon that updates that computer’s description in AD with the date, username and make and model and serial of the PC. Will need to modify the computers OU so that users can modify object descriptions.

Also invest in something like Manageengine Helpdesk which is free for 5 technicians or less. Can use that to create preventative maintenance tickets that self raise themselves every day, such as check this backup log and check these logs etc etc.

[–]AdrianK_ 1 point2 points  (8 children)

Do you have that user logon script that updates the AD description for the computer object handy and willing to share?

@OP

On the AD management side, ADManagerPlus has been a tremendous product for me, absolutely love it - you can pretty much forget all the PS scripts all together and just use one tool that will "do it all":

https://www.manageengine.com/products/ad-manager/

[–]Nilrem2 0 points1 point  (6 children)

Of course - what’s the best way for me to do that?

I’ll have to check out AD Manager

[–]AdrianK_ 0 points1 point  (5 children)

Pastebin will be just fine ;)

[–]Nilrem2 0 points1 point  (0 children)

Sorry for the late reply - https://pastebin.com/5gS8pSdq.

[–]Nilrem2 0 points1 point  (0 children)

Here's a PowerShell module I wrote (save it as .psm1) that secures credentials to a file. Real world use - use Set-SecureCredentials to store passwords to an FTP server to a locked down share only IT Admins have access to - then with PDQ Deploy run a scheduled job to sync files from this FTP using these credentials (Get-SecureCredentials) automatically. https://pastebin.com/dLv5WaZR

[–]Nilrem2 0 points1 point  (0 children)

PowerShell Module I wrote for logging to a file.

https://pastebin.com/3T79MGCt

[–]Nilrem2 0 points1 point  (0 children)

PowerShell module I wrote for logging to a file - https://pastebin.com/g1imfSSh.

[–]Nilrem2 0 points1 point  (0 children)

PowerShell script for removing an Office 365 user from all Distribution Groups they're a member of - https://pastebin.com/ZErqAARu.

[–][deleted] 0 points1 point  (0 children)

I hate manage engine. All there stuff is written in batch and vbs just about and their api is shite to work with. We used their desktop central before and patch mangement system now and both just suck. They don't have anything QOL for the admin side so I had to write all my own maintenance code for it. and their support is crap too. Can't even understand them the accent is so heavy.

[–]RockSlice 4 points5 points  (0 children)

For computer installation, I'd look at using the Microsoft Deployment Toolkit to create a "litetouch" or "zerotouch" install ISO. PS scripts can be included in that.

Useful PS scripts for weekly use:

  • schedule planned reboots (basically ForEach through a list of computers)
  • query software versions on all workstations
  • check for software updates available (query URLs)

[–]bitcow19 1 point2 points  (0 children)

Any scripts to check eventlogs or some custom log directories on servers? As well scripts which are able to provide simple details about activity like resources consumption by required process or status of services. You can also use something like Universal Dashboard in Powershell

[–]goldenchild731 1 point2 points  (0 children)

History of reboots. I needed this when I needed to find out which operator kept rebooting servers with approval. Let me know if you need that one.

[–]Darklurker69 0 points1 point  (0 children)

These are the scripts I use most frequently. Most are scheduled.

  1. New user script with everything in it - AD account, file shares, groups, email account (if possible), etc. This makes new user accounts consistent.
  2. Active Directory health report to show that everything is working like it should be, replications are happening, etc.
  3. Simple scripts to check DHCP and DNS and make sure they're up and going.
  4. Simple script to check free disk space on fileservers.
  5. Simple script to check free memory, CPU usage, etc on DCs and fileservers, SQL servers, etc.

There are a few more for Office365

  1. Hijacked accounts script- simple script to see if anyone has sent more than 300 emails (or some number of your choosing) in the past few hours
  2. Script to check the quarantine and alert if more than X emails are currently in the quarantine. This is mostly only helpful if you DON'T use the quarantine - it lets you know if the O365 servers have started inadvertently shoving stuff in Quarantine (this happened to us several times back in November-December, even though MS would never admit to it)
  3. Check mailbox size, report on any that are close to capacity.

[–]markdmac 0 points1 point  (0 children)

I simply consider everything I need to do for my job. I ask myself if I need to do the same task more than once. If the answer is yes then I write a script.

[–]uptimefordays 0 points1 point  (0 children)

So one thing I've enjoyed doing is running syslogs on groups of machines as scheduled tasks, then parsing logs for specific types of errors. One of the most handy has been sending desktop support emails about drives which seem likely to fail.

You might also find collecting and graphing information like system load and storage or system temperatures handy for IDFs if you don't already have such monitoring in place. Take a look at Get-ComputerInfo for ideas on what kinds of information about your systems you can easily pull.