
TN-Higher-Ed-Collective/script-library

TN Higher Ed Tech Collective — Script Library

Community-contributed scripts, configurations, and automation tools for higher education IT.

These scripts are generalized from production use at Tennessee community colleges and designed to be adapted for any institution using Active Directory, Azure AD, and Microsoft 365.

What's Included

Active Directory

| Script | Purpose |
| --- | --- |
| Invoke-UserProvisioningPipeline | CSV-driven user provisioning: ERP → AD → Azure AD → MFA |
| Invoke-MFABackfill | Batch MFA phone setup for users created before auto-provisioning |
| Add-ProxyAddress | Add email domain aliases for domain migrations |
| Verify-ProxyAddresses | Verify alias deployment completion |
| Rollback-ProxyAddresses | Emergency rollback for primary SMTP mistakes |

Monitoring

| Script | Purpose |
| --- | --- |
| Export-QueueMetrics | Prometheus metrics for file queue monitoring + Uptime Kuma heartbeat |
| Register-MetricsTask | Scheduled task registration for the metrics exporter |

PowerShell Helpers

| Module | Purpose |
| --- | --- |
| Initialize-ServicePrincipal | Service principal auth with parameter/env var/config fallback |
| Write-StructuredLog | Unified console + file + Event Log logging |
| Write-AtomicFile | Atomic file writes (temp-then-move) for Prometheus safety |

Quick Start

  1. Copy config/sample-config.json to config.json
  2. Edit with your institution's values (domains, OUs, server names, groups)
  3. Set environment variables for service principal credentials:
    [System.Environment]::SetEnvironmentVariable('AZURE_TENANT_ID', 'your-tenant-id', 'Machine')
    [System.Environment]::SetEnvironmentVariable('AZURE_CLIENT_ID', 'your-client-id', 'Machine')
    [System.Environment]::SetEnvironmentVariable('AZURE_CLIENT_SECRET', 'your-secret', 'Machine')
  4. Test with -WhatIf or -TestMode before production use:
    .\Invoke-UserProvisioningPipeline.ps1 -ConfigFile .\config.json -SkipAzureADSync

Configuration

All institution-specific values are externalized to a JSON config file. See config/sample-config.json for the full template with comments.

Key sections:

  • Institution — domain names (primary, alias, onmicrosoft)
  • ActiveDirectory — domain controller, OUs, required groups
  • AzureAD — connect server, environment variable names for credentials
  • Paths — incoming/backup/error directories, metrics output
  • Monitoring — Uptime Kuma URL, Prometheus metric prefix
  • EventLog — Windows Event Log source name

Every script accepts parameter overrides that take precedence over config file values.

Prerequisites

  • Windows PowerShell 5.1 or PowerShell 7+
  • Active Directory PowerShell module (RSAT-AD-PowerShell)
  • Microsoft Graph PowerShell SDK
    • Microsoft.Graph.Authentication
    • Microsoft.Graph.Identity.SignIns
    • Microsoft.Graph.Users
  • Azure AD service principal with:
    • User.Read.All
    • UserAuthenticationMethod.ReadWrite.All
  • Windows Exporter (for monitoring scripts)

Usage Guidelines

  1. Review code before running — understand what each script does
  2. Verify required modules and permissions are in place
  3. Test in a non-production environment first
  4. Customize the config file for your institution
  5. Preserve attribution when sharing modifications
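
A pre-flight check for the Quick Start setup and the module prerequisites, as an added PowerShell example that is not part of the script library. The function name `Test-PipelinePreflight`, its parameters and the sample config are assumptions, as is the rule that the client secret belongs only in the environment variable; the section, variable and module names come from this README (`ActiveDirectory` is the module that RSAT-AD-PowerShell installs).

```powershell
# Added example, not part of the script library. Test-PipelinePreflight is a hypothetical name.
function Test-PipelinePreflight {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ConfigFile,
        # Defaults are the variable names used in the Quick Start.
        [string[]]$CredentialVariables = @('AZURE_TENANT_ID', 'AZURE_CLIENT_ID', 'AZURE_CLIENT_SECRET'),
        [string]$SecretVariable = 'AZURE_CLIENT_SECRET'
    )
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # 1. The config parses and contains the key sections listed under Configuration.
    $raw = [string](Get-Content -LiteralPath $ConfigFile -Raw -ErrorAction Stop)
    try { $config = $raw | ConvertFrom-Json -ErrorAction Stop } catch { $config = $null }
    if (-not $config) { $findings.Add("Config is empty or not valid JSON: $ConfigFile") }
    foreach ($section in 'Institution', 'ActiveDirectory', 'AzureAD', 'Paths', 'Monitoring', 'EventLog') {
        if ($config -and -not $config.PSObject.Properties[$section]) {
            $findings.Add("Config section missing: $section")
        }
    }

    # 2. Credential variables exist at Machine scope and are not the README placeholders.
    foreach ($name in $CredentialVariables) {
        $value = [System.Environment]::GetEnvironmentVariable($name, 'Machine')
        if ([string]::IsNullOrWhiteSpace($value)) { $findings.Add("Environment variable not set: $name") }
        elseif ($value -like 'your-*') { $findings.Add("Environment variable still holds a placeholder: $name") }
    }

    # 3. Assumption: the secret lives only in the environment, so its value must not
    #    also appear in the config file. The value itself is never written to output.
    $secret = [System.Environment]::GetEnvironmentVariable($SecretVariable, 'Machine')
    if ($secret -and $raw.Contains($secret)) { $findings.Add("Client secret value found in $ConfigFile") }

    # 4. Modules from Prerequisites are installed.
    foreach ($module in 'ActiveDirectory', 'Microsoft.Graph.Authentication',
                        'Microsoft.Graph.Identity.SignIns', 'Microsoft.Graph.Users') {
        if (-not (Get-Module -ListAvailable -Name $module)) { $findings.Add("Module not installed: $module") }
    }

    # No output means every check passed.
    return $findings.ToArray()
}

# Constructed sample config (EventLog section deliberately missing) to show a finding.
$sample = Join-Path $env:TEMP 'preflight-sample-config.json'
'{"Institution":{},"ActiveDirectory":{},"AzureAD":{},"Paths":{},"Monitoring":{}}' |
    Set-Content -LiteralPath $sample
Test-PipelinePreflight -ConfigFile $sample | ForEach-Object { Write-Warning $_ }
```

If the config file overrides the credential variable names, pass them with `-CredentialVariables` and `-SecretVariable`.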

Community

License

MIT — use freely, modify freely, share freely.
