First, you need to be a Domain Administrator.
To find all locked accounts in Active Directory, you can use this simple command:
Search-ADAccount -LockedOut
To unlock a specific user, use this command:
Unlock-ADAccount "Username"
To unlock all of the accounts found, pipe the results of the search into the unlock command:
Search-ADAccount -LockedOut | Unlock-ADAccount
If you want to unlock several users (more than one, but not all of them), you can use the Out-GridView cmdlet (alias OGV), which gives you a simple GUI selection menu.
Search-ADAccount -LockedOut | OGV -Title "Choose the accounts for unlocking" -PassThru | Unlock-ADAccount
Pay attention to -PassThru: it lets you select one or more objects in the grid and passes them down the pipeline to the next command, which in our case unlocks the chosen users.
In most cases these simple commands are enough, but if you want to be cool you can do some scripting.
##== START ==##
# Requires the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory
Clear-Host
$User = $env:UserName
Write-Host "'$User', I am seeking for Locked Accounts....." -BackgroundColor Green
# Collect all currently locked accounts
$LockedAcc = Search-ADAccount -LockedOut
# Out-Host prints the table right away, in order with the Write-Host messages
$LockedAcc | Select-Object Name, SamAccountName, LockedOut | Out-Host
$LockedAccCount = ($LockedAcc | Measure-Object).Count
Write-Host
# Nothing locked: stop here ('return' ends the script; 'break' is meant for loops)
If(!($LockedAcc)){Write-Host "Great! I cannot find any!" -ForegroundColor Yellow -BackgroundColor DarkRed; Write-Host; return}
Else{Write-Host "Found $LockedAccCount Locked Account(s)" -BackgroundColor Red}
# Pick accounts in the grid; -PassThru sends the selection on to Unlock-ADAccount
$LockedAcc | Out-GridView -PassThru | Unlock-ADAccount
##== CHECK ==##
Write-Host "Post-check for Locked Accounts..."
Start-Sleep 5
# Search again to see what is still locked
$LockedAcc2 = Search-ADAccount -LockedOut
$LockedAcc2Count = ($LockedAcc2 | Measure-Object).Count
If($LockedAcc2){Write-Host "Still $LockedAcc2Count Account(s) is/are Locked" -BackgroundColor Red}
Else{Write-Host "Great! You successfully unlocked accounts." -BackgroundColor Red}
$LockedAcc2 | Select-Object Name, SamAccountName, LockedOut
##== END ==##
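Before unlocking several accounts at once, it helps to see when each one was locked, because many lockouts in a short window can come from password guessing and not from forgotten passwords. The script below is an added example, not part of the original post; the function names Get-LockoutReport and Test-LockoutBurst are hypothetical, and the 10-minute window and 5-account threshold are assumed values.

```powershell
# Added example, not from the original post. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-LockoutReport {
    # Add lockout time and bad-password data to each locked user account.
    # BadLogonCount and LastBadPasswordAttempt are not replicated between
    # domain controllers, so they reflect the DC that answered the query.
    Search-ADAccount -LockedOut -UsersOnly |
        Get-ADUser -Properties AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt |
        Select-Object Name, SamAccountName, AccountLockoutTime,
                      BadLogonCount, LastBadPasswordAttempt |
        Sort-Object AccountLockoutTime
}

function Test-LockoutBurst {
    # Hypothetical helper: $true when at least $MinAccounts lockouts fall
    # inside any window of $WindowMinutes minutes.
    param(
        [object[]] $Report,
        [int] $WindowMinutes = 10,  # assumed value
        [int] $MinAccounts   = 5    # assumed value
    )
    $times = @($Report | Where-Object AccountLockoutTime |
               ForEach-Object { $_.AccountLockoutTime } | Sort-Object)
    for ($i = 0; ($i + $MinAccounts - 1) -lt $times.Count; $i++) {
        $span = $times[$i + $MinAccounts - 1] - $times[$i]
        if ($span.TotalMinutes -le $WindowMinutes) { return $true }
    }
    return $false
}

$report = @(Get-LockoutReport)
if ($report.Count -eq 0) {
    Write-Host "No locked user accounts found."
}
else {
    $report | Format-Table -AutoSize | Out-Host
    if (Test-LockoutBurst -Report $report) {
        Write-Warning "Many accounts were locked within a short window. Find the source before unlocking."
    }
    # -WhatIf only lists what would be unlocked; remove it to unlock for real.
    $report | Out-GridView -Title "Choose the accounts for unlocking" -PassThru |
        ForEach-Object { Unlock-ADAccount -Identity $_.SamAccountName -WhatIf }
}
```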