
I have this script that will query the local domain and unlock an account if it is currently locked. I'd like to run this same script but check a different domain. Can I get some help with the Get-ADUser command? I thought it would be -Server "Servername" for the other domain controller, however this didn't work.


As per the feedback given I try the below where I have put in the domaincontroller name and it doesn't seem to work as I can't unlock the locked account. I see everything loading and I get the screen printout that it found the locked account but the account doesn't unlock.

$DomainController = 'domain1.local'
$AccountName = 'noctest'


 $res = Get-ADUser -Identity $AccountName -Server $DomainController -Properties LockedOut | Select-Object LockedOut
 Write-Output $res

 if ($res.lockedout -eq $true)

 {
  unlock-adaccount $AccountName
  write-output  "Account has Been Un-Locked"
  exit
 }

 Write-Output "Account Not Locked."

1 Answer

Get-ADUser has a -Server parameter that you can use to specify a domain controller that has a particular domain's information on it. This will work assuming you have access to that other domain.

$DomainController = 'DomainControllerName'

$res = Get-ADUser -Identity noctest -Properties LockedOut -Server $DomainController | Select-Object LockedOut

 if ($res.lockedout -eq $true)
 {
     unlock-adaccount noctest
     write-output  "Account has Been Un-Locked"
 }

7 Comments

Steve, were you able to get this to work? I didn't see your prior comment that was removed.
I updated the posting above with the changes I made as per your suggestion. I believe it is querying the domain ok as it sees the account is locked based on following the IF statement, however it doesn't unlock the account.
Can you run the lines individually in a PS console, and see if ‘$res.lockedout’ returns anything?
For some reason I couldn't step through line by line. After the $res line where it retrieves the status I added a line output and it shows the lockout to be true. It then proceeds through the IF statement, however it is not unlocking the account.
I'm not sure why you pasted your code in a comment... copy that code into a PS console, and then put in $res.lockedout and see if it returns anything for you
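
An added example, not part of the answer or comments above: Unlock-ADAccount also accepts -Server (and -Credential), and without them it resolves the identity against the session's default domain rather than the one Get-ADUser was pointed at. The function name `Unlock-RemoteDomainAccount` is hypothetical; 'noctest' and 'domain1.local' are the values from the question.

```powershell
# Added example: every AD cmdlet is sent to the same server, then the result is verified.
Import-Module ActiveDirectory

function Unlock-RemoteDomainAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $AccountName,
        # Domain controller or DNS name of the other domain
        [Parameter(Mandatory)] [string] $Server,
        # Optional account holding unlock rights in the other domain
        [System.Management.Automation.PSCredential] $Credential
    )

    # Splat one target definition so no call silently falls back to the local domain.
    $target = @{ Server = $Server; ErrorAction = 'Stop' }
    if ($Credential) { $target.Credential = $Credential }

    $user = Get-ADUser -Identity $AccountName -Properties LockedOut @target
    if (-not $user.LockedOut) {
        Write-Output "Account '$AccountName' is not locked on $Server."
        return
    }

    # The DistinguishedName is unambiguous; a bare sAMAccountName may also exist locally.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Unlock on $Server")) {
        Unlock-ADAccount -Identity $user.DistinguishedName @target

        # Re-read from the same server to confirm the change instead of assuming it worked.
        $after = Get-ADUser -Identity $user.DistinguishedName -Properties LockedOut @target
        if ($after.LockedOut) {
            Write-Warning "Account '$AccountName' is still locked on $Server."
        } else {
            Write-Output "Account '$AccountName' has been unlocked on $Server."
        }
    }
}

# Dry run first with -WhatIf; add -Credential (Get-Credential) if the current
# user has no unlock rights in the other domain.
Unlock-RemoteDomainAccount -AccountName 'noctest' -Server 'domain1.local' -WhatIf
```

With -ErrorAction Stop, a permissions failure or an unreachable server raises a terminating error instead of letting the script print a success message.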