Completed
AD Tools for logged on user
Check if the logged on user is locked in ad, if so unlock the account
0
Check if the logged on user is locked in ad, if so unlock the account
Comments
Timo,
We don't currently have a variable for logged on user in Inventory, creating a script for that would be pretty complicated. If you give me some time to work on that and see if i can get AD access to test it i'll get back to you when i can.
Nate
Hi Nate,
thanks! It would be awesome to have such an user variable.
Timo
Do your users log into computers locally or do they RDP? The current logged on user setting is Powershell is different for a local user as apposed to a RDP user.
HI Nate,
they log in locally.
Timo
Timo,
Let me know if this works. I don't have access currently to test it. All you need to do is paste the following into the Command field of a new tool, Name it whatever you like and change the Shell option to Leave Shell Open.
Command:
$user = (Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) -Class win32_computersystem).username.split("\")[1]
IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
Unlock-ADAccount -Identity $user
Echo "$user was locked"
}Else{
Echo "$user is Not Locked"
}
Note: This requires that you have Remote Server Administration Tools installed on the same machine that is running PDQ Inventory.
Awesome Nate!
Works great! Thanks a lot :-)
Here is a script that should work for both local logged in accounts and RDP accounts.
Command:
$ProcessList = Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) win32_process -Filter "Name = 'explorer.exe'"
$users = @()
ForEach ($process in $ProcessList) {
$users += ($process.GetOwner()).User
}
Foreach($user in $users){
IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
Unlock-ADAccount -Identity $user
Echo "Accoount Locked"
}Else{
Echo "Account is Not Locked"
}
}
Please sign in to leave a comment.