<# .Synopsis Unlock any Active Directory Account .DESCRIPTION Unlock any Active Directory Account, verify information .EXAMPLE Unlock-ITDADAccount -Identity username1 .EXAMPLE Unlock-ITDADAccount -Identity username1, username2, username3 .EXAMPLE Unlock-ITDADAccount -Identity username1 -Credential $PSCredential .INPUTS Inputs to this cmdlet (if any) .OUTPUTS Output from this cmdlet (if any) .NOTES General notes .COMPONENT The component this cmdlet belongs to .ROLE The role this cmdlet belongs to .FUNCTIONALITY The functionality that best describes this cmdlet #> function Unlock-ITDADAccount { [CmdletBinding()] Param ( [Parameter(Mandatory=$true)] [string[]] $Identity, [PSCredential] $Credential ) Begin { Write-Verbose "Validate credentials, stop script if invalid." If($Credential -eq "" -or $Credential -eq $null) { $Credential = Get-Credential -Message "Enter domain/OU administrator credentials. User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential If($Credential -eq "" -or $Credential -eq $null) { Write-Warning "credentials missing - stopping script" break } If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false) { Write-Warning "Invalid credentials or locked account." break } } .3 Import-Module ActiveDirectory } Process { ForEach ($i in $Identity) { $before = Get-ADUser -Identity $i -Properties SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut | Select-Object SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut $SamAccountName = $before.SamAccountName If($before.LockedOut -eq $false) { Write-Warning "[$SamAccountName]:Before:$before" } Else { Unlock-ADAccount -Identity $i -Credential $Credential $after = Get-ADUser -Identity $i -Properties SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut | Select-Object SamAccountName,PasswordLastSet,lastLogonDate,Enabled,LockedOut Write-Warning "[$SamAccountName]:After:$after" } } } End { } }