Skip to content

Tag: Automation

Modern Azure PowerShell: Where It Still Makes Sense

Published on 3 February 2026

Azure PowerShell never really went away, but the way it’s used has changed a lot.

If you still think of it as a provisioning tool, or something that lives in old Automation Accounts, you’re probably missing where it actually fits in modern Azure environments.

This isn’t about scripts for creating resources. It’s about operating and governing Azure safely once infrastructure already exists.

PowerShell Isn’t Competing With IaC

Terraform and Bicep are very good at declaring infrastructure.
PowerShell is very good at reasoning about what already exists.

That distinction matters.

In real-world platforms, PowerShell is usually used after deployment:

  • validating configurations
  • checking compliance
  • coordinating changes across subscriptions
  • enforcing standards that can’t be expressed cleanly as declarations

Trying to replace Terraform with PowerShell creates fragile automation.
Trying to replace PowerShell with Terraform creates blind spots.

Mature teams use both, intentionally.

Where Azure PowerShell Still Shines

PowerShell tends to show up in places where context matters.

It’s commonly used for:

  • subscription and tenant-level visibility
  • identity-aware automation using managed identities
  • guardrails that detect drift rather than constantly rewriting state
  • controlled operational changes where “just apply” would be risky

These problems are procedural by nature. PowerShell handles them well.

Why Old PowerShell Got a Bad Reputation

Most complaints about Azure PowerShell come from outdated patterns:

  • long, stateful scripts
  • manual authentication
  • hard-coded assumptions
  • automation that can’t be safely re-run

Those approaches don’t survive modern governance or security expectations.

Today, PowerShell automation is usually:

  • stateless
  • identity-first
  • read-heavy and conservative about changes
  • designed to fail safely

When used that way, it scales surprisingly well.

PowerShell vs Azure CLI: The Real Difference

Most comparisons focus on syntax or preference, but that’s not what matters in practice.

Azure CLI is optimised for direct execution. It works best when the task is clear, linear, and short-lived. That makes it a good fit for ad-hoc operations and simple automation.

PowerShell is better at reasoning about state. Its object-based approach makes it easier to inspect resources, apply conditions, and handle edge cases as automation grows more complex.

This difference becomes obvious over time. CLI scripts tend to stay small. PowerShell scripts tend to evolve into tools that are maintained by teams, not individuals.

That’s why many mature Azure environments use both: CLI for speed, PowerShell for automation that needs to last.

How to Manage Windows Services with PowerShell

Published on 6 March 2024

Windows services are essential components of the Windows operating system, responsible for executing tasks in the background. With PowerShell, you can efficiently manage these services, stopping and starting them as needed. This article will walk you through the process of stopping and starting Windows services using PowerShell, including exporting a list of running services for reference.

Overview of Windows Services in PowerShell

PowerShell provides cmdlets (command-line utilities) for managing Windows services. The Get-Service, Stop-Service, and Start-Service cmdlets are commonly used for controlling services.

Windows Services

Exporting a List of Running Services:

Before diving into stopping and starting services, let’s export a list of currently running services for reference purposes. Here’s how you can achieve this using PowerShell:

# Export a list of running services to a text file
Get-Service | Where-Object { $_.Status -eq 'Running' } | Select-Object DisplayName, Status | Export-Csv -Path 'RunningServices.csv' -NoTypeInformation

This script retrieves all running services, selects their display names and statuses, and exports them to a CSV file named RunningServices.csv.

Stopping a Windows Service:

To stop a Windows service using PowerShell, you can use the Stop-Service cmdlet. Here’s an example:

# Stop a specific service
Stop-Service -Name 'ServiceName'

Replace 'ServiceName' with the name of the service you want to stop. e.g. ‘Adobe Acrobat Update Service’

Starting a Windows Service:

Starting a service is as straightforward as stopping it. You can use the Start-Service cmdlet to initiate a stopped service. Here’s how:

# Start a specific service
Start-Service -Name 'ServiceName'

Again, replace 'ServiceName' with the name of the service you wish to start.

Putting It All Together:

Now, let’s combine the above concepts into a comprehensive script that exports the list of running services, stops a specific service, starts it again, and verifies its status:

# Export a list of running services
Get-Service | Where-Object { $_.Status -eq 'Running' } | Select-Object DisplayName, Status | Export-Csv -Path 'RunningServices.csv' -NoTypeInformation
 
# Stop a specific service
Stop-Service -Name 'ServiceName'
 
# Start the same service
Start-Service -Name 'ServiceName'
 
# Verify service status
Get-Service -Name 'ServiceName'

This script exports the list of running services, stops a specific service, starts it again, and finally verifies its status to ensure the operation was successful.

Conclusion

PowerShell provides powerful tools for managing Windows services efficiently. With the Get-Service, Stop-Service, and Start-Service cmdlets, you can easily stop and start services as needed. Additionally, exporting a list of running services allows for better monitoring and management of your system. Experiment with these cmdlets to streamline your administrative tasks and improve productivity.

Active Directory Administration with Python – pt. 1

Published on 5 March 2024

Active Directory (AD) is a vital component of many organizations’ IT infrastructures, serving as a central repository for user accounts, group policies, and network resources. While traditional methods of AD administration involve manual configuration through GUI tools or PowerShell scripts, Python offers a powerful alternative for automating routine tasks and managing AD more efficiently. In this article, we’ll explore how to perform basic AD administration tasks using Python, leveraging the pyad library.

Setting Up the Environment

Before diving into AD administration with Python, ensure you have the necessary prerequisites:

  1. Python installed on your system (version 3.x recommended).
  2. Install the pyad library using pip:
pip install pyad
Install Pyad
  1. Access to an Active Directory domain and appropriate permissions for the tasks you intend to automate.

Connecting to Active Directory:

The first step in AD administration with Python is establishing a connection to the Active Directory domain. Use the following code snippet to connect:

from pyad import *
 
# Connect to the Active Directory domain
pyad.set_defaults(ldap_server="<your_ldap_server>")

Replace <your_ldap_server> with the hostname or IP address of your domain controller.

Creating a New User Account:

Creating new user accounts is a common AD administration task. Here’s how you can do it with Python:

from pyad import *
 
# Set the organizational unit (OU) where the new user will be created
ou = pyad.adcontainer.ADContainer.from_dn("OU=Users,DC=example,DC=com")
 
# Create a new user object
new_user = pyad.aduser.ADUser.create("JohnDoe", ou)
 
# Set user attributes
new_user.update_attribute("givenName", "John")
new_user.update_attribute("sn", "Doe")
new_user.update_attribute("userPrincipalName", "JohnDoe@example.com")
new_user.update_attribute("password", "P@ssw0rd")
new_user.update_attribute("description", "Example User Account")
 
# Save changes
new_user.commit_changes()

Replace "OU=Users,DC=example,DC=com" with the distinguished name (DN) of the OU where you want to create the user.

Modifying User Attributes:

You can also modify existing user attributes using Python. Here’s an example of updating a user’s email address:

from pyad import *
 
# Retrieve the user object
user = pyad.aduser.ADUser.from_cn("JohnDoe")
 
# Update the email address
user.update_attribute("mail", "john.doe@example.com")
 
# Save changes
user.commit_changes()

Replace "JohnDoe" with the common name (CN) of the user you want to modify.

Deleting a User Account:

When a user leaves the organization or their account becomes obsolete, you may need to delete it from AD. Here’s how you can do it with Python:

from pyad import *
 
# Retrieve the user object
user = pyad.aduser.ADUser.from_cn("JohnDoe")
 
# Delete the user account
user.delete()

Replace "JohnDoe" with the CN of the user you want to delete.

Conclusion

Automating Active Directory administration with Python can greatly streamline repetitive tasks and improve efficiency in managing user accounts and other AD objects. By leveraging the pyad library, you can perform basic AD operations programmatically, saving time and reducing the risk of manual errors. Experiment with the examples provided and explore additional functionalities to tailor automation to your organization’s specific needs.

Active Directory Administration with PowerShell – pt. 1

Published on 1 March 2024

Active Directory (AD) serves as the backbone of many IT infrastructures, governing user authentication, access control, and resource management in Windows environments. While the Active Directory Users and Computers (ADUC) GUI provides a user-friendly interface for managing AD objects, PowerShell offers unparalleled flexibility and automation capabilities. In this guide, we’ll delve into harnessing the power of PowerShell for efficient AD administration, focusing on viewing users as a fundamental task.

Getting Started

Before diving into PowerShell commands, ensure you have the necessary permissions to administer Active Directory. Typically, this requires membership in the Domain Admins group or equivalent permissions.

Connecting to Active Directory:

The first step is establishing a PowerShell session with your Active Directory domain. Launch PowerShell as an administrator and execute the following command:

Import-Module ActiveDirectory

This command loads the Active Directory module, providing access to a plethora of cmdlets tailored for AD administration.

Next, connect to your Active Directory domain using the Connect-ADServiceAccount cmdlet:

Connect-ADServiceAccount -Credential (Get-Credential)

You’ll be prompted to enter the credentials of an account with sufficient privileges to access AD.

Viewing Users:

Now, let’s explore some PowerShell commands to view users in Active Directory.

  1. Get-ADUser: This cmdlet retrieves user accounts that match specified criteria. To view all users in the domain, execute:
Get-ADUser -Filter *

This command returns a list of all user accounts in the domain.

  1. Get-ADGroupMember: Often, you may want to view users within a specific group. Use this cmdlet to retrieve members of a particular group. For example, to view members of the “Administrators” group, run:
Get-ADGroupMember -Identity "Administrators"

Replace "Administrators" with the desired group name.

  1. Search-ADAccount: This cmdlet allows you to search for user accounts based on various criteria, such as disabled, locked out, or expired accounts. For instance, to view disabled user accounts, use:
Search-ADAccount -AccountDisabled

This command displays a list of disabled user accounts.

Filtering and Sorting Users:

PowerShell enables you to filter and sort AD users based on specific attributes. For example, to filter users by department and sort them alphabetically by name, execute:

Get-ADUser -Filter {Department -eq "IT"} | Sort-Object -Property Name

Replace "IT" with the desired department name.

Exporting User Data:

You can export user data retrieved from Active Directory to a CSV file for further analysis or reporting. To export all user accounts to a CSV file, use:

Get-ADUser -Filter * | Export-Csv -Path "C:\Users.csv" -NoTypeInformation

This command exports all user accounts to a CSV file named “Users.csv” in the specified path.

Conclusion

PowerShell empowers administrators to efficiently manage Active Directory environments with precision and automation. By leveraging PowerShell cmdlets, you can streamline common tasks, such as viewing users, and perform complex operations with ease. As you continue exploring PowerShell for AD administration, remember to exercise caution, especially when executing commands that modify AD objects. With practice and familiarity, PowerShell becomes an indispensable tool for mastering Active Directory administration.

© 2024 ScriptWizards.net - Powered by Coffee & Magic