Important Notice: On February 29th, this community will be put into read-only mode. All existing posts will remain but customers will be unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Completed

AD Tools for logged on user

Check if the logged on user is locked in ad, if so unlock the account

0

Comments

7 comments
Date Votes
  • Official comment

    Timo,

    We don't currently have a variable for logged on user in Inventory, creating a script for that would be pretty complicated. If you give me some time to work on that and see if i can get AD access to test it i'll get back to you when i can.

    Nate

  • Hi Nate,

    thanks! It would be awesome to have such an user variable.

     

    Timo

    0
  • Do your users log into computers locally or do they RDP? The current logged on user setting is Powershell is different for a local user as apposed to a RDP user. 

    0
  • HI Nate,

    they log in locally.

    Timo

    0
  • Timo, 

    Let me know if this works. I don't have access currently to test it. All you need to do is paste the following into the Command field of a new tool, Name it whatever you like and change the Shell option to Leave Shell Open.

    Command:

    $user = (Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) -Class win32_computersystem).username.split("\")[1]

    IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
    Unlock-ADAccount -Identity $user
    Echo "$user was locked"
    }Else{
    Echo "$user is Not Locked"
    }

     

     Note: This requires that you have Remote Server Administration Tools installed on the same machine that is running PDQ Inventory.

    1
  • Awesome Nate!

    Works great! Thanks a lot :-)

    0
  • Here is a script that should work for both local logged in accounts and RDP accounts.

    Command:

    $ProcessList = Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) win32_process -Filter "Name = 'explorer.exe'"
    $users = @()
    ForEach ($process in $ProcessList) {
      $users += ($process.GetOwner()).User
    }

    Foreach($user in $users){
    IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
    Unlock-ADAccount -Identity $user
    Echo "Accoount Locked"
    }Else{
    Echo "Account is Not Locked"
    }
    }

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post