Completed
AD Tools for logged on user
Check if the logged on user is locked in ad, if so unlock the account
0
Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.
Comments
Timo,
We don't currently have a variable for logged on user in Inventory, creating a script for that would be pretty complicated. If you give me some time to work on that and see if i can get AD access to test it i'll get back to you when i can.
Nate
Timo,
Let me know if this works. I don't have access currently to test it. All you need to do is paste the following into the Command field of a new tool, Name it whatever you like and change the Shell option to Leave Shell Open.
Command:
$user = (Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) -Class win32_computersystem).username.split("\")[1]
IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
Unlock-ADAccount -Identity $user
Echo "$user was locked"
}Else{
Echo "$user is Not Locked"
}
Note: This requires that you have Remote Server Administration Tools installed on the same machine that is running PDQ Inventory.
Do your users log into computers locally or do they RDP? The current logged on user setting is Powershell is different for a local user as apposed to a RDP user.
Here is a script that should work for both local logged in accounts and RDP accounts.
Command:
$ProcessList = Get-WmiObject -ComputerName $(Computer:TARGETHOSTNAME) win32_process -Filter "Name = 'explorer.exe'"
$users = @()
ForEach ($process in $ProcessList) {
$users += ($process.GetOwner()).User
}
Foreach($user in $users){
IF((Get-ADUser -Properties "LockedOut" -Identity $user).lockedout -eq $true){
Unlock-ADAccount -Identity $user
Echo "Accoount Locked"
}Else{
Echo "Account is Not Locked"
}
}