If you've gotten this far wondering if It's worth learning how to perform PowerShell automation without being an administrator Regarding systems, let me tell you something: the answer is usually a resounding yes. Although many guides focus on server, domain, or corporate cloud administration tasks, PowerShell is a fantastic tool for automating your team's daily tasks and opening doors in the professional world, even if you don't currently manage an Active Directory or a complex infrastructure.
At the same time, it is true that the PowerShell's true potential shines when used for mass automationUser management, Active Directory transactions, resource control in Microsoft 365, Azure, Power Apps… That's why, in this article, we're going to see what can be done, how it's done, and in what scenarios it can be incredibly useful, whether you're an admin or just want to take your productivity to the next level.
Does PowerShell make sense if you're not an administrator?
Many people wonder if, if they're not going to touch servers, domains, or networks, PowerShell may not be useful in your day-to-day lifeAnd it's normal to think so when most of the examples you see talk about Active Directory forests, domain controllers, Microsoft 365 licenses, or deployments on Azure.
However, even as an "ordinary" user you can automate repetitive tasks: clean temporary files, check memory or disk usage, launch applications with different parameters, make simple backups, process CSV files, etc., and schedule them with the Task scheduler to automate maintenance.
That said, where it really takes off is when you use it for manage Microsoft infrastructuresActive Directory, Azure, Microsoft 365, Power Apps, Dynamics 365, etc. That's where the administration modules and cmdlets we'll see below come into play, and where you can save hundreds of hours of manual work.
PowerShell cmdlets to automate Microsoft platforms
PowerShell has several specialized cmdlet libraries for each Microsoft service. These libraries are modules that are installed and loaded into your PowerShell session to allow you to run platform-specific commands.
Power Apps: Automate environments, apps, and connections
Power Apps cmdlets are designed so that both creators and administrators can manage environments, applications and workflows without always relying on the web portal. With them you can list environments, view applications, review connectors and connections, or create workflows government over who can create what and where.
For example, with commands like Get-AdminPowerAppEnvironment You can get a complete list of environments, see their display name, GUID, and other essential details for later automation. This is key when you need to work with scripts that operate on a specific environment.
Microsoft 365: user-oriented automation
In the Microsoft 365 environment, PowerShell is used to automate tasks related to users and licensesFrom assigning or revoking licenses in bulk, to reviewing which users have a specific plan, disabling accounts, configuring properties, etc., and if you need more in-depth information, you can consult guides for manage users from PowerShell.
Using Microsoft 365 cmdlets allows you to, for example, manage new hires and terminations when staff enter or leave the organization, without having to navigate endlessly through the administration portal. This is especially useful when dealing with hundreds of users and policies that need to be applied precisely.
Dynamics 365 and Dataverse
In environments with Dataverse databases, the PowerShell modules for Dynamics 365 provide compatibility with the Online management API and with the implementation of automated solutions in different environments.
This means that you can Deploy solutions, move components between environments, manage configurations or launch repetitive tasks without having to do it manually each time. It's a perfect approach for scenarios with multiple organizations, test environments, and production environments.
Azure PowerShell
The Azure PowerShell library allows any Azure component to be part of your automated solutionVirtual machines, networks, storage, gateways, etc. It also allows you to integrate local resources, such as an application gateway, into your global infrastructure configuration.
This type of automation is key when you want maintain consistency across environmentsDeploy infrastructure as code or run recurring tasks (shutting down machines outside of business hours, reviewing costs, etc.).
Examples of administrative tasks with Power Apps and PowerShell
To illustrate the potential of PowerShell in Power Apps governance, we can look at some Typical tasks oriented towards environments and applicationsThe header cmdlet is Get-AdminPowerAppEnvironment, which returns the list of available environments.
By running it without parameters, you will get key information for each environment, such as the display name, its identifier (GUID), and other data. This GUID is essential for further, more detailed operations.
If you want to locate the tenant's default environment, you can apply additional parameters, such as -Default, which filter the result to quickly find that generic environment.
Once you know the GUID or internal name of the environment, you can use it to delve into its detailsFor example, by listing connections, associated applications, or flows. Combining cmdlets with the pipe operator makes it possible to chain queries: obtain the environment and, based on that result, launch other cmdlets such as Get-AdminPowerAppConnection.
Thanks to the pipeline and the manipulation of properties with commands like Select or GroupIt is possible to transform the output, group applications by environment, and generate custom objects that clearly show, for example, the number of apps per environment, along with their descriptive name.
Quick example: checking memory with PowerShell
To show that PowerShell is also useful even without being a domain administrator, you can use a cmdlet as simple as Get-CimInstance about the Win32_OperatingSystem class to query the free system memory.
By combining that information with a small calculation, you can Convert free memory to GB, round it up and compare it to a threshold passed as a parameter to a script (for example, 80 GB). Depending on the result, you will display a low memory warning or a message indicating that everything is fine.
This type of script, although simple, exemplifies well how PowerShell mix objects, mathematical operations and flow control (conditionals) to create quick utilities that you can adapt to your environment without needing extensive prior knowledge and run them from Windows Terminal.
Run programs as a normal user from an elevated script
A fairly common problem is having a script that needs run with administrator privileges for certain tasks (for example, system changes), but at the same time it must launch an application that we want to run with standard user permissions.
Imagine a script with a menu and loops that restarts applications with different arguments. Some of these actions require elevated privileges, but the final program should launch. without high privilegesUsing Start-Process with parameters like -RunAs or -Credential can force you to enter the password every time, which is impractical.
The solution involves playing with security contextsThis allows you to leverage the current interactive user or delegate the launch to another process that isn't elevated. It's not trivial, but it clearly demonstrates how PowerShell can manage processes and permissions in a rather sophisticated way, beyond simply executing commands.
Prepare PowerShell to work with Active Directory
If you are going to manage users, groups, or computers in an AD DS Server, the first step is verify the PowerShell version installed. Some features require specific versions or, at the very least, knowing what version you have to avoid unexpected behavior.
Commands like get-host, $PSVersionTable The `$PSVersionTable.PSVersion` command lets you check the version and features. `Get-Host` returns information about the console, while `PSVersionTable` provides a detailed summary of the PowerShell version and other environment data.
Once you have verified that everything is in order, you should import the Active Directory moduleThis module adds all the necessary cmdlets for working with users, groups, forests, domains, controllers, etc. The module is called ActiveDirectory.
To do this, it is recommended to open the PowerShell console with administrator permissions and run Import-Module ActiveDirectory. If no errors appear, the module is loaded and ready to use. From that point on, cmdlets such as Get-ADUser, New-ADUser, Get-ADDomain, and Get-ADGroup will be available.
Consult information about the forest and the domain
Once you have access to the Active Directory module, a very common practice is get an overview of the infrastructureThis is done using cmdlets that provide information about the forest, the domain, and the domain controllers.
Information from the AD DS forest
The cmdlet Get-ADForest It returns forest data, such as the name, domain list, sites, domain root, partitions, domain name master, and functional level.
This exit can filter with Select and the pipeline operator to show only the fields you're interested in. For example, only the domain name master or the functional level, which is very useful during audits or review tasks.
Domain information
Similarly, the cmdlet Get-ADDomain It provides information about the current domain: domain name, child domains, parent domain, DNS root, functional level, forest it belongs to, NetBIOS name, PDC emulator, RID master or infrastructure master.
You can also use here pipes and Select to display only certain fields, such as Name or DomainMode, or combine them in the same output. This helps quickly check the domain's status and configuration without having to navigate through graphical consoles.
Output formats: table, list, and window
PowerShell allows you to shape the presentation of information to make it more comfortable to readThe Format-Table (FT), Format-List (FL), and Out-GridView commands are three commonly used options.
For example, you can pipe the output of Get-ADDomain to FT to view it in table, to FL to view it in list format with more detail, or to Out-GridView to open an interactive window where you can filter and sort.
Domain controllers
The cmdlet Get-ADDomainController It gives you information about the DCs in your infrastructure. You can use the -Filter parameter to select only certain controllers or, again, combine it with Select to display specific fields (name, site, role, etc.).
Managing users in Active Directory with PowerShell
One of the most common uses of PowerShell with AD DS is the user account management: queries, registrations and cancellations, password changes, unlocks and attribute modifications.
View users and their properties
The basic cmdlet for obtaining user information is Get-ADUSerYou can use it by directly entering the account name to view its main details.
If you need more detailed information, the parameter -Properties It lets you specify which fields you want to see. For example, you can show all properties with * or only some, such as CN, UserPrincipalName, whenCreated, or whenChanged, as needed.
It is also very useful to launch a general query such as Get-ADUser -Filter * and combine it with .Count to find out how many users are registered in the domain. This serves as a quick audit to detect unexpected registrations or verify traffic volume.
Addition and removal of individual users
To create new users in Active Directory, the key cmdlet is New-ADUserBefore using it, it is common to prepare the password with ConvertTo-SecureString, since by default it is not supported to pass a password in plain text without this conversion.
Once you have the secure password in a variable, you can create the user with the minimum (name and password) or add parameters such as Description, enable the account from the first moment or define other attributes.
Regarding deletion, in local environments it is common to see commands like Remove-LocalUser To delete accounts from the local system, you can use the `-Filter` command. For domain users, equivalent cmdlets would be used, removing the account directly from Active Directory. Additionally, you can filter users by name patterns using `-Filter` with expressions like `Name -like "string*"` and combining it with `Select` to list only the `Name` field.
Bulk user registrations and cancellations via CSV
One of PowerShell's strengths is the massive automation of operationsTo create or delete many users at once, the usual practice is to use CSV files and scripts that iterate through them line by line.
In the case of bulk local creation, you can have a CSV file with user and password columns and several rows with the username/password pairs. You import the file with Import-Csv assign a variable (for example, $listofusers) and then iterate through that list with a foreach loop.
Inside the loop, you convert the password to SecureString and call cmdlets like New-LocalUser or New-ADUser depending on whether you're working on the local machine or the domain. This way, for each row in the CSV file, a user is created using the data from that row. If you're also working with local files, you can automate tasks with files to prepare or validate those CSV files before importing them.
For bulk deletion, the process is almost identical, but the CSV file typically contains only the username. After importing it, a foreach loop iterates through the list and calls... Remove-LocalUser or equivalent AD commands for each registered account.
Change passwords and unlock accounts
The cmdlet Set-ADAccountPassword It allows you to modify or reset passwords. If you know the current password, simply run the command and follow the prompts that request the current and new passwords.
If you don't know the previous password, you can use the -Reset modifier to set a new one directly without needing the old one. This approach is very common in technical support when a user has forgotten their password and cannot log in.
To unlock locked accounts, the appropriate cmdlet is Unlock-ADAccountAdding the `-Verbose` parameter will give you detailed messages about what's happening. Additionally, if you want to test without actually executing the action, the `-WhatIf` parameter simulates the operation, showing you what would happen.
Modify other user attributes
When you need to change data such as description, department, city, or other user fields, the cmdlet that comes into play is Set-ADUserWith it you can specify the target user and the property to modify.
For example, if you want to add a description, it's worth remembering that texts with spaces They must be enclosed in quotation marks to avoid interpretation problems. From there, you can chain together commands or scripts that adjust several attributes at once.
Managing groups in Active Directory with PowerShell
In addition to users, PowerShell also allows you to manage groups and memberships in a very convenient way, something fundamental in any directory environment.
View groups and their members
To view the data for a specific group, the cmdlet to use is Get-ADGroupby passing it the group name. Getting information about the group helps you review its configuration, scope, type, and other details.
If you want to see which users belong to a group, the appropriate command is Get-ADGroupMemberIts output includes basic information about each member object, such as its name, object type, or SID, simplifying the review of permissions and access.
Add users to groups
To add new users to an existing group, the cmdlet is used. Add-ADGroupMemberTypically, you pass the group name and then the user identifier, which in this context is usually the SamAccountName.
This approach is perfect for automate employee registrationIn addition to creating the account, a script can automatically add it to the appropriate groups (department, application permissions, resource access, etc.), avoiding manual errors.
Automate user migrations between organizational units
Another very common task is the mass migration of users between OUs within Active Directory, for example when the organization is restructured, departments are changed, or the AD tree is reorganized.
An effective way to do this is to start from a Excel file converted to CSVwith columns indicating the user, current location, and the new destination OU. This CSV is imported into PowerShell and looped through, constructing the LDAP path for the user object and the destination path.
The key cmdlet here is Move-ADObjectThe object identifier (the constructed LDAP path, for example with CN=User,OU=Origin,DC=…) and the TargetPath indicating the destination OU are passed to it. Each iteration of the loop moves a user from their old location to the new one.
This same approach can be adapted for adjust attributes in bulkChange descriptions, modify cities, update emails, etc. The trick is that PowerShell reads each row of the CSV as an object with properties, which you can then use in your scripts.
Create CSV files for bulk registrations with New-ADUser
To register many users in a domain, the cleanest way is to prepare a well-structured CSV file that contains in the first row the names of the properties, and from there, one row per user with their values.
The spreadsheet (LibreOffice Calc, Excel, etc.) allows you to define columns such as GivenName, Surname, SamAccountName, UserPrincipalName, etc., which must exactly match the cmdlet arguments. New-ADUser but without the script.
Once you have filled in all the users, export the sheet to CSV format, choosing the field delimiter (usually comma) Leaving the default options unless you need specific adjustments. Afterwards, it's recommended to open the file with Notepad to verify that the content is correct: headers on the first line and comma-separated values ​​on the following lines.
Importing users from CSV into Windows Server using PowerShell
When the CSV is ready, you take it to the server (by copying it to Documents, for example) and, from a PowerShell session with the Active Directory module loaded, you start the import.
The first step is to execute Import-Csv Check the file to verify that PowerShell correctly recognizes the columns. You'll see that each line becomes an object where each property corresponds to a column in the CSV file.
If the output is as expected, you can now chain the command with New-ADUser using the pipeso that each imported object is used as input for the account creation cmdlet. This way, you can register all the users in the file in a single line.
Since many properties will be common, it's a good idea to add parameters to New-ADUser on that same line, such as -Enabled $True to create active accounts from the start, or -AccountPassword combined with ConvertTo-SecureString to assign a default password.
You can also specify the target container or organizational unit using the parameter -Pathspecifying an LDAP path such as CN=Users,DC=domain,DC=local or another OU. After running the command, you can validate the result using Get-ADUser -Filter * or by filtering for newly created users.
Combining all of the above, it becomes clear that PowerShell is not just a console "for admins," but an automation platform capable of managing everything from small home scripts to the complete operation of an Active Directory forest, Microsoft 365 licenses, Power Apps environments, and Azure resources. Whether you're not managing anything today or you're in charge of an entire domain tomorrow, mastering these cmdlets and the logic with CSVs, pipes, and objects gives you enormous flexibility to save time, reduce errors, and have fine-tuned control over your entire Microsoft environment. Share the tutorial and more users will learn the steps to manage this PowerShell automation.