You can import the Active Directory module by typing in a PowerShell session
import-module activedirectory
You might want to check that it is available first by typing
get-module -listavailable
For more information you may want to follow this link: Win2k8R2 AD PoSh Module
Anyway...I had a strange call where the Active Directory Users and Computers showed an account was in a normal unlocked state and so did the lockoutstatus tool. Bit strange...so I ran a script that I have that brings me back some account information (I'll post this script later). One of the things it reports is if the account is locked or not....and...it showed the account was locked!
Anyway a quick method of unlocking the account...imported the activedirectory module and with a little help from the CMD shell
dsquery user -name "*DisplayNameString*" | dsget user -upn -dn
for example..
dsquery user -name "*bloggs*" | dsget user -upn -dn
will return the User Principal Name of the user object and the Distinguished Name of the user object from the AD containing the text string bloggs ...
I also brought back the UPN so that I can prove what type of account the customer was using...some enterprises may prefix the account name alphanumerically to separate out Higher Level Access accounts or just plain DOMAIN ADMIN accounts, I verified what type of account the customer was referring to by double checking the UPN and the DN of the user object. And since I have my PowerShell and CMD shell set for copy and pasting...I can easily copy the DN from the CMD shell to PowerShell and use the activedirectory module to unlock the account....
unlock-adaccount -identity "this_is_the_DN_path"
and the " " characters?...well they just take care of the spaces in the DN path.
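The same lookup, verification and unlock can be done entirely in PowerShell. This is an added example, not the script from the original post: the function name Unlock-UserByName and its parameter are hypothetical, and it assumes the ActiveDirectory module is installed and the caller has rights to unlock accounts.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) is installed and the caller may unlock accounts.
Import-Module ActiveDirectory -ErrorAction Stop

function Unlock-UserByName {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Fragment of the object's name, e.g. 'bloggs' as in the post.
        # Quotes and wildcards are rejected so the filter string stays intact.
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[\w .-]+$')]
        [string]$NameFragment
    )

    # Equivalent of: dsquery user -name "*bloggs*" | dsget user -upn -dn
    $found = @(Get-ADUser -Filter "Name -like '*$NameFragment*'" `
                          -Properties LockedOut, UserPrincipalName)

    # Always show what matched so the UPN and DN can be checked by eye
    # (for example, to spot a prefixed higher-level-access account).
    $found |
        Format-Table Name, UserPrincipalName, DistinguishedName, LockedOut -AutoSize |
        Out-Host

    # Refuse to act on zero or several matches: the operator must narrow it.
    if ($found.Count -ne 1) {
        Write-Warning "$($found.Count) accounts matched; nothing unlocked."
        return
    }
    $user = $found[0]
    if (-not $user.LockedOut) {
        Write-Warning "$($user.UserPrincipalName) is not reported as locked."
        return
    }
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Unlock-ADAccount')) {
        Unlock-ADAccount -Identity $user.DistinguishedName -Confirm:$false
        # Re-read the flag to confirm the unlock took effect.
        Get-ADUser -Identity $user.DistinguishedName -Properties LockedOut |
            Select-Object Name, LockedOut
    }
}

# -WhatIf shows which account would be unlocked without changing it.
Unlock-UserByName -NameFragment 'bloggs' -WhatIf
```

Drop -WhatIf to perform the unlock; the function then asks for confirmation before calling Unlock-ADAccount.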