This repository hosts scripts for the Scripted Actions area, which is part of the XOAP platform. They are provided as-is and are not officially supported by XOAP. Use them at your own risk. Always test them in a non-production environment before using them in production.
This project has adopted this Code of Conduct.
See CHANGELOG.md for a detailed history of changes. Full release artefacts are available at the GitHub Releases page.
Most of the available scripts are built to use a local Azure CLI configuration file. Find more information here: Azure CLI Configuration.
For Azure PowerShell-related scripts we suggest using the noninteractive authentication with a service principal: Sign in to Azure PowerShell with a service principal.
For AWS CLI-related scripts we suggest using the AWS CLI configuration file: Configuration and credential file settings.
Depending on which scripts you want to use, you need to have the following prerequisites installed:
- Google Cloud SDK (includes gcloud CLI)
- Google Cloud PowerShell
- VMware PowerCLI - Install via
Install-Module -Name VMware.PowerCLI
- XenServerPSModule - Download from Citrix XenServer SDK
- PowerShell with REST API capabilities (no specific module required)
- Nutanix Prism Central or Prism Element access
See Azure CLI & Azure PowerShell.
This repository contains automation scripts organized by cloud provider and platform:
- AWS - Amazon Web Services automation (CLI & PowerShell)
- Azure - Microsoft Azure automation (CLI, PowerShell & Bicep)
- azure-cli/ - Azure CLI scripts for AKS, AVD, Functions, monitoring, networking, resource management, security, SQL, storage, and VMs
- azure-ps/ - Azure PowerShell scripts for AVD, Azure Stack HCI, and security
- bicep/ - Azure Bicep IaC scripts for declarative VM, networking, and AVD deployments
- Google Cloud - GCP automation (CLI & PowerShell)
- Microsoft 365 / Entra ID / Intune - Microsoft cloud identity and
device management
- msgraph/ - Microsoft Graph API scripts for Entra ID (users, groups, roles, sign-in logs) and Intune (devices, apps, compliance and config policies)
- Nutanix - Nutanix AHV automation
- nutanix-cli/ - Scripts for infrastructure, storage, and VM management via Prism Central REST API
- VMware vSphere - vSphere automation with PowerCLI
- vsphere-cli/ - Scripts for infrastructure, monitoring, and VM management
- Citrix XenServer - XenServer/XCP-ng automation
- xenserver-cli/ - Scripts for infrastructure, network, storage, and VM operations
- XOAP Operations - Cross-platform bulk operations
- xoap-ops/ - Multi-cloud VM termination, Azure image cleanup, and bulk management scripts
- PowerShell - Windows Server management
- powershell/ - Windows Server administration scripts including RDS, Windows Update, local user management, WinRM, and CIS hardening
- Templates - Script templates and patterns
- templates/ - Starter templates for creating new automation scripts
Each directory contains a comprehensive README.md with usage examples, best practices, and prerequisites specific to that platform or service.
- ✅ Added
bicep/top-level directory with Azure Bicep IaC scripts (vms/,networking/,avd/) - ✅ Added
gce-cli/network/andgce-cli/storage/subdirectories with VPC, firewall, subnet, bucket, object, and disk scripts - ✅ Added
aws-cli/monitoring/with CloudWatch dashboards, alarms, Cost Explorer, and AWS Budgets scripts - ✅ Added
azure-cli/monitoring/with Log Analytics, Azure Monitor alerts, activity log, and diagnostic settings scripts - ✅ Added
powershell/windows-server/with Windows Update, local user management, WinRM configuration, and CIS hardening scripts - ✅ Added
msgraph/entra/scripts: create/update user, assign directory role, get sign-in logs, remove group member - ✅ Added
msgraph/intune/scripts: create compliance policy, retire device, get enrollment status, assign config policy - ✅ Added
msgraph/msgraph-check-cis-benchmark.ps1— checks and optionally remediates 12 CIS Microsoft 365 Foundations controls - ✅ Rewrote
xoap-ops/bulk-operation scripts with comprehensive logging, WhatIf/Force support, and post-operation verification - ✅ Added
azure-cli/aks/,aws-cli/eks/,gce-cli/gke/with Kubernetes cluster management scripts (create, scale, credentials) - ✅ Added
aws-cli/rds/,azure-cli/sql/,gce-cli/sql/with managed database scripts (create instance/server/database, create snapshot) - ✅ Added
aws-cli/lambda/,azure-cli/functions/,gce-cli/functions/with serverless/Functions scripts (create, invoke, deploy) - ✅ Added CI workflow (
powershell-lint.yml) to enforce PSScriptAnalyzer and syntax checks on every PR - ✅ Added
CONTRIBUTING.mdwith full contribution guide - ✅ Added
CHANGELOG.mdwith version history - ✅ Fixed
CODEOWNERS(was.mdextension, now.github/CODEOWNERS) - ✅ Replaced DSC-specific issue templates with script-repo-specific ones
- ✅ Renamed
azure-ps/avd/stack/scripts to kebab-case convention - ✅ README.md files added or updated for all new and existing directories
- ✅ CLAUDE.md updated to reflect all new directories, conventions, and provider-specific patterns
- ✅ Added comprehensive README.md files to all script directories (37 total)
- ✅ Documented prerequisites, usage examples, and best practices for each platform
- ✅ Added XenServer/XCP-ng PowerShell scripts for VM, infrastructure, network, and storage management
- ✅ Enhanced pre-commit configuration with PowerShell-specific validation hooks
- ✅ Standardized documentation format across all cloud providers and platforms
You can use the provided templates to create your scripts.
The templates are located in the templates folder.
This repository uses pre-commit to enforce code quality and consistency. All contributors must have pre-commit configured before making changes.
# Install pre-commit
pip install pre-commit
# Install the hooks into your local clone
pre-commit install
pre-commit install --hook-type commit-msgThe --hook-type commit-msg flag is required to enable the conventional commit
message validation hook.
The following must be installed for the PowerShell hooks to run:
- PowerShell 7+ (
pwsh) — required for syntax checking and PSScriptAnalyzer - PSScriptAnalyzer — install once in PowerShell:
Install-Module PSScriptAnalyzer -Scope CurrentUser| Hook | What it does |
|---|---|
conventional-pre-commit |
Enforces conventional commit message format (feat:, fix:, docs:, etc.) |
trailing-whitespace |
Removes trailing whitespace |
end-of-file-fixer |
Ensures files end with a newline |
check-yaml / check-json |
Validates YAML and JSON syntax |
detect-private-key |
Blocks accidental credential commits |
no-commit-to-branch |
Prevents direct commits to main or master |
prettier |
Formats Markdown and YAML files |
shellcheck |
Lints shell scripts |
codespell |
Catches common typos in code and comments |
powershell-syntax-check |
Validates .ps1 syntax using PowerShell's own parser |
psscriptanalyzer |
Lints .ps1 files for warnings and errors |
check-powershell-bom |
Ensures .ps1 files have no UTF-8 BOM |
check-readme-exists |
Ensures every script directory has a README.md |
# Run all hooks against all files
pre-commit run --all-files
# Run a specific hook
pre-commit run psscriptanalyzer --all-files
pre-commit run powershell-syntax-check --all-files