Deploy-ready scripts for sysadmins and IT pros
PowerShell and Bash you can actually run in production: reviewed, hardened and idempotent, safe by default, with the reasoning and the gotchas spelled out.
Every script is also on GitHub, clone the whole collection, star it or open a pull request.
15 results
Export Microsoft 365 User Activity (Graph, Sign-in and Power BI)
Pull Microsoft 365 active-user details, per-user last sign-in and Power BI activity events to CSV with app-only authentication, for adoption, licensing and offboarding reporting.
Delete All File Versions Across SharePoint Online to Reclaim Storage
Permanently delete the version history of every file in every document library across all SharePoint Online sites with PnP PowerShell, to reclaim storage. Destructive and irreversible, so use it with care.
Set a Max File-Version Limit on All SharePoint Online Sites
Cap major version history on every document library across all SharePoint Online sites with PnP PowerShell and app-only authentication, to stop old versions from silently eating your tenant storage.
Export Mailboxes with Forwarding Configured (Exchange Online)
Audit every Exchange Online mailbox for forwarding and export the ones that forward to a CSV, using app-only certificate authentication. A fast check for the auto-forwarding attackers use to exfiltrate mail.
Export Active Directory Users from an OU to CSV
Export all user accounts in a specific Active Directory OU to CSV (name, UPN, distinguished name and mail) with Get-ADUser, scoped to one search base for fast, targeted inventories.
Export Microsoft 365 Licenses to CSV (Graph App-Only)
Export every Microsoft 365 license (subscribed SKU) to a timestamped CSV with consumed-versus-available units, using app-only Microsoft Graph certificate authentication so it runs unattended.
Restart Windows services on remote servers with email alerts
Restart one or more Windows services on remote servers, ping-checked, with success/failure email alerts. Pipeline-driven, -WhatIf safe, and fixes the en-dash/curly-quote bugs in the original.
BitLocker Recovery Keys from AD Without RSAT (Pure ADSI)
Retrieve BitLocker recovery keys from Active Directory using pure ADSI on any domain-joined machine with PowerShell 2.0+. No RSAT required.
BitLocker Recovery Keys: Get Them from Active Directory
Retrieve BitLocker recovery keys from Active Directory by computer name or 8-character password ID. Uses Get-ADObject with the AD module.
Enable DFSR Auto-Recovery on Domain Controllers
PowerShell script enables DFSR auto-recovery on all domain controllers using CIM instead of deprecated wmic. Tested on Server 2016-2025 with WhatIf support.
Disable Inactive AD Users: Multi-DC Last Logon Script
Disable dormant AD user accounts safely by reconciling true LastLogon across every domain controller. Includes -WhatIf dry run, exclusion group support, and CSV reporting.
Disable Stale AD Computers: Multi-DC LastLogon Script
Disable stale AD computer accounts safely by reconciling true LastLogon across all DCs. Includes -WhatIf dry run and CSV export.
Disable SMBv1 Completely: Server, Client & Windows Feature
Block the WannaCry attack vector in 3 steps. Remove SMBv1 server, client, and Windows feature using PowerShell with registry fallback for legacy systems.
Windows Fast Startup: How to Disable for True Shutdown
Disable Fast Startup via PowerShell registry edit. Prevents hibernated kernel sessions that break driver updates, GPO changes, and patch installations.
Create a Local Admin Account: Idempotent and Locale-Safe
Idempotent PowerShell script creates a local admin using SID S-1-5-32-544 for locale safety. Works on French, German, or any Windows. Pair with LAPS.