AD Tools for logged on user
Completed
Check if the logged on user is locked in AD; if so, unlock the account
-
Official comment
Timo,
We don't currently have a variable for logged on user in Inventory; creating a script for that would be pretty complicated. If you give me some time to work on that and see if I can get AD access to test it, I'll get back to you when I can.
Nate
-
Timo,
Let me know if this works. I don't have access currently to test it. All you need to do is paste the following into the Command field of a new tool, name it whatever you like and change the Shell option to Leave Shell Open.
Command:
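# Needs the ActiveDirectory module (part of RSAT)
Import-Module ActiveDirectory
# Console user of the target comes back as DOMAIN\user; keep only the user part
$user = (Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) -Class win32_computersystem).username.split("\")[1]
# Unlock only when AD reports the account as locked out
IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
    Unlock-ADAccount -Identity $user
    Echo "$user was locked"
}Else{
    Echo "$user is Not Locked"
}

Note: This requires that you have Remote Server Administration Tools installed on the same machine that is running PDQ Inventory.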
-
Here is a script that should work for both local logged in accounts and RDP accounts.
Command:
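# Needs the ActiveDirectory module (part of RSAT)
Import-Module ActiveDirectory
# Every interactive session (console or RDP) runs an explorer.exe
$ProcessList = Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) win32_process -Filter "Name = 'explorer.exe'"
$users = @()
ForEach ($process in $ProcessList) {
    # Owner of the shell process is the logged-on user
    $users += ($process.GetOwner()).User
}
# Check each user once, even if they own several explorer.exe processes
Foreach($user in ($users | Select-Object -Unique)){
    IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
        Unlock-ADAccount -Identity $user
        Echo "Account Locked"
    }Else{
        Echo "Account is Not Locked"
    }
}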
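A more defensive variant of the two scripts above, as an added example that is not part of the original thread or PDQ's own code: it handles a machine with no interactive user, skips local accounts so a same-named domain account is never unlocked by mistake, and supports -WhatIf for a dry run. The function name, its parameters and the 'PC01' / 'EXAMPLE' values are assumptions.

```powershell
# Added example; assumes Windows PowerShell 5.1 with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Unlock-LoggedOnUser {                 # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,  # in PDQ: $(Computer:TARGETHOSTNAME)
        [Parameter(Mandatory)][string]$DomainNetBIOS  # NetBIOS name of the AD domain
    )

    # One explorer.exe per interactive session (console and RDP).
    $shells = Get-WmiObject -ComputerName $ComputerName -Class Win32_Process `
                  -Filter "Name = 'explorer.exe'"
    if (-not $shells) { Write-Output "${ComputerName}: no interactive user"; return }

    $owners = foreach ($p in $shells) {
        $o = $p.GetOwner()
        # ReturnValue 0 means the owner lookup succeeded.
        if ($o.ReturnValue -eq 0) { [pscustomobject]@{ Domain = $o.Domain; User = $o.User } }
    }

    foreach ($o in ($owners | Sort-Object Domain, User -Unique)) {
        # A local account reports the computer name as its domain; never map it to AD.
        if ($o.Domain -ne $DomainNetBIOS) {
            Write-Output "$($o.Domain)\$($o.User): not a $DomainNetBIOS account, skipped"
            continue
        }
        try {
            $ad = Get-ADUser -Identity $o.User -Properties LockedOut -ErrorAction Stop
        } catch {
            Write-Output "$($o.User): not found in AD"
            continue
        }
        if (-not $ad.LockedOut) {
            Write-Output "$($ad.SamAccountName) is not locked"
        } elseif ($PSCmdlet.ShouldProcess($ad.SamAccountName, 'Unlock-ADAccount')) {
            Unlock-ADAccount -Identity $ad
            Write-Output "$($ad.SamAccountName) was locked and has been unlocked"
        }
    }
}

# Dry run with constructed values:
# Unlock-LoggedOnUser -ComputerName 'PC01' -DomainNetBIOS 'EXAMPLE' -WhatIf
```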