Completed

AD Tools for logged on user

Check if the logged on user is locked in ad, if so unlock the account

0

Comments

7 comments
Date Votes
  • Official comment

    Timo,

    We don't currently have a variable for logged on user in Inventory, creating a script for that would be pretty complicated. If you give me some time to work on that and see if i can get AD access to test it i'll get back to you when i can.

    Nate

  • Hi Nate,

    thanks! It would be awesome to have such an user variable.

     

    Timo

    0
  • Do your users log into computers locally or do they RDP? The current logged on user setting is Powershell is different for a local user as apposed to a RDP user. 

    0
  • HI Nate,

    they log in locally.

    Timo

    0
  • Timo, 

    Let me know if this works. I don't have access currently to test it. All you need to do is paste the following into the Command field of a new tool, Name it whatever you like and change the Shell option to Leave Shell Open.

    Command:

    $user = (Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) -Class win32_computersystem).username.split("\")[1]

    IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
    Unlock-ADAccount -Identity $user
    Echo "$user was locked"
    }Else{
    Echo "$user is Not Locked"
    }

     

     Note: This requires that you have Remote Server Administration Tools installed on the same machine that is running PDQ Inventory.

    1
  • Awesome Nate!

    Works great! Thanks a lot :-)

    0
  • Here is a script that should work for both local logged in accounts and RDP accounts.

    Command:

    $ProcessList = Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) win32_process -Filter "Name = 'explorer.exe'"
    $users = @()
    ForEach ($process in $ProcessList) {
      $users += ($process.GetOwner()).User
    }

    Foreach($user in $users){
    IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
    Unlock-ADAccount -Identity $user
    Echo "Accoount Locked"
    }Else{
    Echo "Account is Not Locked"
    }
    }

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post