Powershell - Script para comprobar y desbloquear usuario bloqueado de directorio activo

Publicado: 18 Octubre 2017, 12:59
por Cazador
Script que se encarga de comprobar y desbloquear una cuenta de usuario de Directorio Activo de forma continua. Utilizado para aquellas cuentas que se bloquean de forma continua por la configuración de alguna maquina. Su uso no es recomendable, pero por alguna circunstancia puede que sea necesario lanzar el script hasta que se solventa el problema o localiza el equipo que esta produciendo el bloqueo de la cuenta.

Código:

<#
.SYNOPSIS
   Check if user account is blocked
.DESCRIPTION
   Check if user account is blocked
.NOTES
    File Name      : Check-UserAccount.ps1
    Author         : Andrés Arnáiz
        Prerequisite   : PowerShell V2 over Vista and upper.
    Copyright 2017 - Andrés Arnáiz
.VERSION
    Version 1.0
#>   
#Default variables
$frequency = 1800 #1800 every 30 minutes
$Check = $True #Enable continuos checking state account

#Begin Script
Clear-Host
Write-Host "-------------------------------------------------------"
Write-Host " Tool to check if user account is blocked and unlock it"
Write-Host "-------------------------------------------------------"
Write-Host "`n 1) Introduce the account name to check"
Write-Host " Please input a name account to check"
Do {
$useraccount = Read-Host -Prompt 'Input the account name'
   if($useraccount -eq ""){"Error: Please input an account name"; $strQuit ="n"}
   else{
      Write-Host "Account Name: '$useraccount'" -foregroundcolor "magenta"
      $strQuit = Read-Host " Is this value correct? (Y/N)"
   }
}# End of 'Do'
While ($strQuit -ne "Y")
Write-Host "Waiting to open account selection window..."
$Userinfo = Get-ADUser -Filter * -Properties LockedOut, SAMAccountName | ? { $_.SAMAccountName -like "*$useraccount*" } | Select-Object SamAccountName,DistinguishedName | Out-GridView -PassThru
$useraccount = $Userinfo.SamAccountName
#$lockstatus = $Userinfo.LockedOut
Write-Host "SamAccountName selected:" $Userinfo.SamAccountName -foregroundcolor "magenta"

#Checking the state account if Check is true
Write-Host "Checking account's status every" $frequency "seconds..."
While($Check)
{
   $Date = Get-Date
   $lockstatus = (Get-Aduser $Userinfo.SamAccountName -Properties LockedOut).LockedOut
    if ($lockstatus) {
      Write-Host -f red "Account locked - Date:" $Date
      Write-Host""
      Write-Host""
      Write-Host "Unlocking Account"
      Unlock-ADAccount $Userinfo.SamAccountName
   }
   else{
      Write-Host -f green "Account is not blocked - Date:" $Date
   }
   Start-Sleep $frequency #1800 every 30 minutes
}





Publicidad