update

_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/Unlock-ITDADAccount.ps1

@@ -0,0 +1,80 @@
+<#
+.Synopsis
+   Unlock any Active Directory Account
+.DESCRIPTION
+   Unlock any Active Directory Account, verify information
+.EXAMPLE
+   Unlock-ITDADAccount -Identity username1
+.EXAMPLE
+   Unlock-ITDADAccount -Identity username1, username2, username3
+.EXAMPLE
+   Unlock-ITDADAccount -Identity username1 -Credential $PSCredential
+.INPUTS
+   Inputs to this cmdlet (if any)
+.OUTPUTS
+   Output from this cmdlet (if any)
+.NOTES
+   General notes
+.COMPONENT
+   The component this cmdlet belongs to
+.ROLE
+   The role this cmdlet belongs to
+.FUNCTIONALITY
+   The functionality that best describes this cmdlet
+#>
+function Unlock-ITDADAccount
+{
+    [CmdletBinding()]
+    Param
+    (
+        [Parameter(Mandatory=$true)]
+        [string[]]
+        $Identity,
+
+        [PSCredential]
+        $Credential
+    )
+
+    Begin
+    {
+        Write-Verbose "Validate credentials, stop script if invalid."
+        If($Credential -eq "" -or $Credential -eq $null)
+        {
+            $Credential = Get-Credential -Message "Enter domain/OU administrator credentials.  User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
+            If($Credential -eq "" -or $Credential -eq $null)
+            {
+                Write-Warning "credentials missing - stopping script"
+                break
+            }
+            If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
+            {
+                Write-Warning "Invalid credentials or locked account."
+                break
+            }
+        }
+
+        .3
+        Import-Module ActiveDirectory
+    }
+    Process
+    {
+        ForEach ($i in $Identity)
+        {
+            $before = Get-ADUser -Identity $i -Properties SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut | Select-Object SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut
+            $SamAccountName = $before.SamAccountName
+            If($before.LockedOut -eq $false)
+            {
+                Write-Warning "[$SamAccountName]:Before:$before"
+            }
+            Else
+            {
+                Unlock-ADAccount -Identity $i -Credential $Credential
+                $after = Get-ADUser -Identity $i -Properties SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut | Select-Object SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut
+                Write-Warning "[$SamAccountName]:After:$after"
+            }
+        }
+    }
+    End
+    {
+    }
+}