I wanted a quick way to find out whether an account is locked out (you get the call "I can't log in") and unlock it. I had a wrapper script that just called "Search-ADAccount -LockedOut", but I took it a bit further. The first of these two wrapper functions gets all the accounts that are locked out, then asks for each one whether you want to unlock it. If yes, it calls the second (unlock) function. If no, it moves on to the next locked account.
function JBMURPHY-AD-GetLockedOut {
    # Requires the ActiveDirectory module (RSAT)
    Import-Module ActiveDirectory
    # Walk every account that is currently locked out
    Search-ADAccount -LockedOut | ForEach-Object {
        $UserName = $_.Name
        $SamAccountName = $_.SamAccountName
        Write-Host "`n$UserName is locked out`n"
        # Build a Yes/No prompt for this account
        $title = "Unlock account"
        $message = "Do you want to unlock $UserName"
        $yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes","Yes, unlock $UserName"
        $no = New-Object System.Management.Automation.Host.ChoiceDescription "&No","No, don't unlock $UserName"
        $options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
        # Default choice is index 0 (Yes)
        $result = $host.ui.PromptForChoice($title, $message, $options, 0)
        if ($result -eq 0) {
            JBMURPHY-AD-UnlockAccount -UserName $SamAccountName
        }
    }
}
The second function is a simple wrapper around the Unlock-ADAccount cmdlet:
function JBMURPHY-AD-UnlockAccount {
    Param([parameter(Mandatory = $true)]$UserName)
    Unlock-ADAccount -Identity $UserName
}
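A variant of the first function that prints each account's lockout time and bad-password details before prompting, so the person taking the call can tell one mistyped password from many accounts locking at about the same time. This is an added example, not code from the original post; the function name Get-LockoutContext and the RecentMinutes parameter are hypothetical, and it assumes the ActiveDirectory module is installed.

```powershell
# Added example: Get-LockoutContext and -RecentMinutes are hypothetical names,
# not part of the original post or of the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-LockoutContext {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    Param(
        # Assumption: lockouts newer than this many minutes count as "recent"
        [int]$RecentMinutes = 30
    )

    # Extended properties exposed by Get-ADUser. BadLogonCount and
    # LastBadPasswordAttempt are not replicated, so they reflect the DC queried.
    $props = 'AccountLockoutTime', 'BadLogonCount', 'LastBadPasswordAttempt'

    $locked = @(Search-ADAccount -LockedOut -UsersOnly | ForEach-Object {
        Get-ADUser -Identity $_.DistinguishedName -Properties $props
    })

    if ($locked.Count -eq 0) {
        Write-Host "No locked-out user accounts found."
        return
    }

    # Summarise first: several accounts locking close together looks different
    # from a single user who forgot a password.
    $cutoff = (Get-Date).AddMinutes(-$RecentMinutes)
    $recent = @($locked | Where-Object { $_.AccountLockoutTime -gt $cutoff })
    Write-Host "$($locked.Count) locked-out account(s); $($recent.Count) locked in the last $RecentMinutes minutes."

    foreach ($user in $locked) {
        $user | Format-List Name, SamAccountName, AccountLockoutTime,
                            BadLogonCount, LastBadPasswordAttempt | Out-Host

        # ConfirmImpact 'High' makes ShouldProcess prompt per account by default;
        # -WhatIf lists what would be unlocked without changing anything.
        if ($PSCmdlet.ShouldProcess($user.SamAccountName, 'Unlock account')) {
            Unlock-ADAccount -Identity $user.DistinguishedName -Confirm:$false
        }
    }
}
```

Running `Get-LockoutContext -WhatIf` gives a read-only report of the locked accounts and their lockout details.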