PowerShell

The beginning

I started diving into PowerShell because I knew it was a way to get me data that I was having to click through a GUI to get. Call me lazy for not wanting to click through endless tabs to find what I want to find - you are probably right. Did I save time in doing it this way? In the short term - absolutely not. However, long term - definitely so.

Need me to add 1,000 people to a group or bulk do something? Give me a CSV containing the users, and I will have it done in a couple of moments. This is what led me to start learning PowerShell, and it's something that's bloomed into more systems than just AD.

IAM Engineering

In my current line of work I am responsible for managing AD servers, Okta tenants and overall Identity Access Management for my company. 16 AD servers, 40 or so Okta tenants and an ever-growing listing of users.

When I first started it was overwhelming and I dealt with imposter syndrome for quite a while. However, I didn't let myself get hung up on it. I basically told my old boss, "Hey, just let me dive in and I will figure it out as I go." Jeremy, if you ever read this, I cannot thank you enough for the trust and guidance you gave me. I went very quickly from "Yeah I can understand some stuff in PowerShell" to "I don't like having to do this manually, but there isn't a way to handle it in code - so give me a couple of hours and there will be."

The ones and zeros

How do you go from simple one-liners to a fully functional module containing approximately 6,000 lines of code? Slowly and methodically.

Once you understand how to handle things in simple one-line commands, you can take that and expand it to grow into fully fledged IAM PowerShell modules. Just go slowly and keep iterating.

From this

set-aduser john.smith -accountexpirationdate '04/01/2026' -enabled:$false
set-aduser jane.doe -accountexpirationdate '04/01/2026' -enabled:$false

To this

$users = @()
$users = @("john.smith","jane.doe")
foreach($u in $users){
    set-aduser $u -accountexpirationdate '04/01/2026' -enabled:$false
}

Is this a giant leap forwards? Absolutely not, however - it's still a leap forwards. You might say "John, this took me longer to write out than to just set this in the GUI". You might be right - but how about processing 1,000 users? At that scale, it becomes easier for someone to hand you a CSV file containing a unique identifier such as samaccountname, email or employee number, and you can just process it like so:

CSV example

EmployeeID   Email
Emp0001      jane.doe@example.com
...          ...
...          ...
Emp1000      john.smith@example.com

# load the csv; each row exposes its columns as properties (EmployeeID, Email)
$users = import-csv -path "Path:\To\Csv_file.csv"
foreach($u in $users){
    # look up the AD account whose employeeNumber matches the EmployeeID column
    $userinfo = get-aduser -filter "employeeNumber -eq '$($u.employeeid)'"
    # expire and disable the matched account
    set-aduser $userinfo.samaccountname -accountexpirationdate '04/01/2026' -enabled:$false
}

This then allows you to process x number of records across whatever changes you need to make: email domain changes, account expiry dates, enabled status, manager changes, etc.
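A more defensive form of the CSV loop above, as an added example (not the author's module code): it checks each EmployeeID before it goes into the -Filter string, acts only when exactly one account matches, supports -WhatIf, and returns one result per row. The function name Disable-UsersFromCsv, the Emp#### ID pattern, the status values and the file names in the usage comment are assumptions.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (not from the original post): disable the accounts listed
# in a CSV that has an EmployeeID column, and report what happened to each row.
function Disable-UsersFromCsv {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][datetime]$ExpirationDate,
        # Assumed ID format, based on the sample rows (Emp0001 .. Emp1000).
        [string]$IdPattern = '^Emp\d{4}$'
    )

    foreach ($row in Import-Csv -Path $Path) {
        $id     = "$($row.EmployeeID)".Trim()
        $sam    = $null
        $status = 'Disabled'

        # Reject anything that is not a plain ID before it is placed in the
        # filter string, so a stray quote in the file cannot alter the query.
        if ($id -notmatch $IdPattern) {
            $status = 'InvalidId'
        }
        else {
            $found = @(Get-ADUser -Filter "employeeNumber -eq '$id'")
            if     ($found.Count -eq 0) { $status = 'NotFound' }
            elseif ($found.Count -gt 1) { $status = 'Ambiguous' }
            else {
                $sam = $found[0].SamAccountName
                try {
                    # Pass the caller's -WhatIf through explicitly.
                    Set-ADUser -Identity $found[0] -AccountExpirationDate $ExpirationDate `
                        -Enabled $false -WhatIf:$WhatIfPreference -ErrorAction Stop
                    if ($WhatIfPreference) { $status = 'WhatIf' }
                }
                catch { $status = "Failed: $($_.Exception.Message)" }
            }
        }
        [pscustomobject]@{ EmployeeID = $id; SamAccountName = $sam; Status = $status }
    }
}

# Dry run first, review the report, then run again without -WhatIf.
# (constructed file names)
# Disable-UsersFromCsv -Path .\users.csv -ExpirationDate '04/01/2026' -WhatIf |
#     Export-Csv .\disable-report.csv -NoTypeInformation
```

Rows that come back as InvalidId, NotFound or Ambiguous are left untouched, so the report doubles as a list of records to send back to whoever supplied the file.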

The possibilities are endless

This is the gateway into doing so much more with PowerShell for your day-to-day processes. The goal is to make your job easier to manage, so you have less stress about doing things and other people think you are a wizard who just magically makes things happen.

The biggest thing is to keep asking yourself how you can script and/or automate this thing you are doing.
