Blue Lance

Bluelance 2.0
Get a demo
View Categories

Creating and Scheduling Scripts

5 min read

PowerShell Orchestrator allows you to define, store, and schedule PowerShell scripts that run against your managed endpoints and Entra ID targets. Scripts are the core of what PowerShell Orchestrator does โ€” they query your directory environment, collect assessment data, and forward results to LT Auditor MP. This article covers how to create, configure, and schedule scripts within the platform.

Understanding scripts in PowerShell Orchestrator:

A script in PowerShell Orchestrator consists of:

  • The PowerShell code to execute on the target endpoint or against Entra ID
  • The target endpoint or cloud target the script runs against
  • A schedule defining when and how often the script runs
  • Optional alert linkage that triggers the script automatically in response to a security event

Scripts are stored centrally in LT Auditor MP and pushed to the relevant endpoint at execution time. Output from each script run is captured and forwarded to the LT Auditor MP server as structured assessment data.

Accessing the script library:

  1. Log in to the LT Auditor MP Web UI
  2. Navigate to Configure โ†’ PowerShell Orchestrator โ†’ Scripts
  3. The script library displays all saved scripts with their name, target, schedule status, and last run time

Creating a new script:

  1. Click Add New Script
  2. Configure the script details:
    • Script Name โ€” a clear, descriptive name (e.g., “AD Privileged Group Membership Assessment”)
    • Description โ€” the purpose of the script and what it assesses
    • Target Type โ€” select either a managed endpoint or an Entra ID cloud target
    • Target โ€” select the specific endpoint or cloud target from the configured list
  3. Enter or paste your PowerShell script code in the script editor:

# Example: List all members of the Domain Admins group

Get-ADGroupMember -Identity “Domain Admins” -Recursive |

Select-Object Name, SamAccountName, DistinguishedName |

ConvertTo-Json

  1. Configure output settings:
    • Output Format โ€” JSON is recommended for structured data forwarding to LT Auditor MP
    • Max Output Size โ€” set a limit to prevent excessively large outputs
  2. Click Save

[Your administrator should populate the script library with assessment scripts relevant to your environment. Blue Lance may provide a default set of assessment scripts โ€” refer to the Blue Lance documentation at https://www.bluelance.com/docs for details.]

Recommended assessment scripts to create:

Script NamePurpose
Domain Admins MembershipLists all current members of the Domain Admins group
Stale User AccountsIdentifies user accounts inactive for 90+ days
Accounts Without MFAIdentifies Entra ID accounts without MFA enabled
Local Admin AccountsLists local administrator accounts on managed servers
Expired PasswordsIdentifies accounts with expired or never-expiring passwords
GPO Configuration AssessmentReviews Group Policy Object settings for security misconfigurations
Entra ID Role AssignmentsLists all current Entra ID role assignments
Conditional Access Policy ReviewReviews Entra ID conditional access policy configurations

[Your administrator should adjust this list based on your organization’s specific assessment requirements and compliance frameworks.]

Scheduling a script:

  1. Open the script configuration
  2. Navigate to the Schedule tab
  3. Click Add Schedule
  4. Configure the schedule:
    • Frequency โ€” Daily, Weekly, Monthly, or a custom interval
    • Day and Time โ€” when the script should run
    • Time Zone โ€” the timezone for schedule execution
  5. Click Save

The script will run automatically at the configured time and forward its output to the LT Auditor MP server.

Stagger script schedules to avoid running multiple assessment scripts simultaneously, particularly against the same domain controller. Concurrent assessments can impact domain controller performance.

Running a script on demand:

To run a script immediately without waiting for the scheduled time:

  1. Open the script from the script library
  2. Click Run Now
  3. Monitor the execution progress in Configure โ†’ PowerShell Orchestrator โ†’ Execution Log
  4. When complete, navigate to View in the Web UI to see the assessment results

Editing an existing script:

  1. Open the script from the script library
  2. Click the Edit icon
  3. Make the necessary changes to the script code, target, or schedule
  4. Click Save

Changes to a script take effect on the next scheduled run or the next time the script is run manually. Any currently running execution of the script will complete using the previous version.

Duplicating a script:

To create a similar script quickly without starting from scratch:

  1. Select the script from the script library
  2. Click Duplicate
  3. Modify the name, target, or code as needed
  4. Click Save

This is useful when you need to run the same assessment against multiple different endpoints.

Enabling and disabling scripts:

To temporarily suspend a script without deleting it:

  1. Open the script configuration
  2. Toggle the Active switch to off
  3. The script will not run on its schedule until re-enabled

Deleting a script:

  1. Select the script from the script library
  2. Click the Delete icon
  3. Confirm the deletion

Deleting a script removes it and its schedule permanently. Historical execution results and assessment data already forwarded to LT Auditor MP are retained and are not affected.

Best practices:

  • Use descriptive script names and descriptions so other administrators understand the purpose of each assessment without needing to read the code
  • Always test new scripts with Run Now before activating their schedule to confirm they produce the expected output
  • Use JSON output format wherever possible for clean, structured data forwarding to LT Auditor MP
  • Stagger schedules across scripts and endpoints to avoid performance impacts during peak hours
  • Store scripts in source control outside of LT Auditor MP as a backup, especially for complex assessments
  • Review the script library regularly and remove or update scripts that are no longer relevant
  • Use the least privilege principle for the service account โ€” scripts should only have the read access they need

[Your administrator should document the purpose and expected output of each script in the library so the team can interpret assessment results correctly.]

active directory, assessment reports, assessment scripts, automation, compliance, conditional access, configuration, domain admins, duplicate script, entra id, expired passwords, getting started, gpo, json output, local admin, mfa, monitoring, powershell, powershell orchestrator, run now, scheduled reports, script editor, script library, script management, script output, script scheduling, scripts, service account, stale accounts, windows

Powered by BetterDocs

Newsletter

Let's get started and
enjoy the power of LT Auditor MP

ยฉ Copyright , BLUE LANCE 2.0. All Rights Reserved.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by