Friday, August 13, 2010

Powershell: Unlocking an AD User Account

Once again cutting the time for basic administrative tasks, PowerShell comes to the rescue! The script below requires Quest's ActiveRoles AD Management script pack, which can be freely downloaded from their website.

The Script

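#------- Assign Variables -------#
Add-PSSnapin Quest.ActiveRoles.ADManagement
$UserArg = $args[0]
# Ask the directory for this logon name directly instead of pulling every
# user and filtering client-side (Get-QADUser stops at its default size limit).
$User = if ($UserArg) { Get-QADUser -SamAccountName $UserArg }
#------- ######## -------#


#------- Unlock the User -------#
if (!$User){ write-host "Uh Oh! That user can not be found!" }
# Refuse to act on anything but a single match.
elseif (@($User).Count -gt 1){ write-host "More than one account matches '$UserArg'. Nothing was changed." }
else {
    Set-QADUser $User -ObjectAttributes @{lockouttime='0'} | Out-Null
    # Re-read the account: the object fetched earlier still holds the old lockout state.
    $User = Get-QADUser $User.DN
    if (!$User.AccountIsLockedOut){
        # $() expands the property inside the string; "text"+$var does not concatenate on a command line.
        write-host "Successfully unlocked user account $($User.LogonName)"
    }else {
        write-host "There was an error resetting the account for $($User.LogonName). Account still has lockout period set."
    }
}
#------- ######## -------#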

Special Notes


This script is designed to run with a command line variable as the username (hence the $args[0]) – so remember to call it correctly.


My production script has some event log functions that raise an event at each stage, and if an error happens (normally human error mis-typing the username!) it can raise an error with a custom Source and EventID which our monitoring software picks up and creates a service ticket.
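
An added example (not the author's production script) of the event-logging pattern described above, wrapped around the same unlock steps. The source name, the event IDs and the Write-UnlockEvent helper are assumptions chosen for illustration.

```powershell
# Source name, event IDs and Write-UnlockEvent are hypothetical, chosen for illustration.
$LogName = 'Application'
$Source  = 'AD-Unlock-Script'
$EventId = @{ Requested = 1000; Unlocked = 1001; NotFound = 1002; Failed = 1003 }

# Registering a source needs an elevated session and only has to happen once per machine.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

function Write-UnlockEvent {
    param([string]$Stage, [string]$Target, [string]$EntryType = 'Information')
    # Record the operator as well as the target so every unlock is attributable.
    $Operator = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-EventLog -LogName $LogName -Source $Source -EventId $EventId[$Stage] `
        -EntryType $EntryType -Message "Stage=$Stage; Target=$Target; Operator=$Operator"
}

Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue
$UserArg = $args[0]
Write-UnlockEvent -Stage Requested -Target $UserArg

$User = if ($UserArg) { Get-QADUser -SamAccountName $UserArg }
if (-not $User -or @($User).Count -ne 1) {
    # Missing, mistyped or ambiguous name: raise an Error event for monitoring.
    Write-UnlockEvent -Stage NotFound -Target $UserArg -EntryType Error
    exit 1
}

Set-QADUser $User -ObjectAttributes @{lockouttime='0'} | Out-Null
$User = Get-QADUser $User.DN      # re-read so the lockout state is current
if ($User.AccountIsLockedOut) {
    Write-UnlockEvent -Stage Failed -Target $User.LogonName -EntryType Error
    exit 1
}
Write-UnlockEvent -Stage Unlocked -Target $User.LogonName
```

Giving each stage its own event ID lets the monitoring rule key on the Error events alone, while the Information events remain as an audit trail of who unlocked which account.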
