PowerShell Unlock AD Account Script

I currently wrote the following script to unlock accounts:

Import-Module ActiveDirectory

Function Unlock-ADaccount {
    Param(
        $username
    )

    try {
        #Attempt to find the user in Active Directory and unlock the account
        $ADAccount = Get-ADUser -Identity $username
        unlock-adaccount -Identity $username

        #Report success to operator
        Write-Host "$($ADAccount.GivenName)'s account has been unlocked!" -ForegroundColor Green
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] {
        #Attempt to find username in AD failed
        Write-Host "ERROR! $username NOT Found in Active Directory!" -ForegroundColor Red
    } catch [Exception] {
        #Unexpected Exception
        Write-Host "ERROR! $($Error[0].Exception)" -ForegroundColor Red
    }
}

#START SCRIPT
$continue = $true
while($continue) {
    Unlock-ADAccount -username (Read-Host "Enter Username")
    
    #Ask operator if they want to run script again
    if((Read-Host "Repeat Script?") -eq "N") {
        $continue = $false
    }
} 


It works correctly and whenever I enter a username and hit enter it tells me the account has been unlocked, but before it does it gives the following errors in red:

ERROR! System.Management.Automation.ParameterBindingValidationException:

Cannot validate argument on the parameter 'Identity'. The argument is null.

(it repeats this a lot and then at the end it shows: "Account has been unlocked!")


And goes on from there, but I can figure out what it means by it being null and if it is null why the script still works. It just doesn't look pretty with all of that red.

April 21st, 2014 5:34pm

Hi Thetabit,

I think I figured it out: in your function, you call the same function again.
Because unlock-adaccount already is a cmdlet, the function is calling itself.

So if you change your function name to, i.e., unlock-me, and change it in the while loop, it won't fall into the latest catch.

Import-Module ActiveDirectory

Function Unlock-me {
    Param(
        $username
    )

    try {
    
        #Attempt to find the user in Active Directory and unlock the account
        $ADAccount = Get-ADUser -Identity $username
        unlock-adaccount -Identity $username

        #Report success to operator
        Write-Host "$($ADAccount.GivenName)'s account has been unlocked!" -ForegroundColor Green
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] {
        #Attempt to find username in AD failed
        Write-Host "ERROR! $username NOT Found in Active Directory!" -ForegroundColor Red
    } catch [Exception] {
        #Unexpected Exception
        Write-Host "ERROR! $($Error[0].Exception)" -ForegroundColor Red
    }
}

#START SCRIPT
$continue = $true
while($continue) {
    Unlock-me -username (Read-Host "Enter Username")
    
    #Ask operator if they want to run script again
    if((Read-Host "Repeat Script?") -eq "N") {
        $continue = $false
    }
} 

Good luck :)

Hope this is the answer


  • Proposed as answer by Cees van Alten 8 hours 39 minutes ago
  • Edited by Cees van Alten 8 hours 38 minutes ago deleted an extra line with: write-host $username
March 20th, 2015 6:29pm
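
The name collision discussed in this thread, as an added example that is not part of the original posts: PowerShell resolves a function before a cmdlet of the same name, so a wrapper should use a non-colliding name and can call the real cmdlets by module-qualified name. Unlock-HelpdeskAccount and Test-CommandShadowed are hypothetical names, and the code assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) is available.
Import-Module ActiveDirectory

# Returns $true when an alias or function in this session hides a cmdlet of the same name.
function Test-CommandShadowed {
    param([Parameter(Mandatory)][string]$Name)
    $all    = @(Get-Command -Name $Name -All -ErrorAction SilentlyContinue)
    $cmdlet = $all | Where-Object CommandType -eq 'Cmdlet'
    $shadow = $all | Where-Object CommandType -in 'Alias', 'Function'
    [bool]($cmdlet -and $shadow)
}

# Hypothetical wrapper name: it does not collide with any ActiveDirectory cmdlet.
function Unlock-HelpdeskAccount {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$UserName
    )
    try {
        # Module-qualified names always reach the real cmdlets, even if a function shadows them.
        $user = ActiveDirectory\Get-ADUser -Identity $UserName -Properties LockedOut -ErrorAction Stop
        if (-not $user.LockedOut) {
            Write-Host "$($user.SamAccountName) is not locked out." -ForegroundColor Yellow
            return
        }
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Unlock account')) {
            ActiveDirectory\Unlock-ADAccount -Identity $user -ErrorAction Stop
            Write-Host "$($user.SamAccountName) has been unlocked." -ForegroundColor Green
        }
    }
    catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
        Write-Host "ERROR! $UserName not found in Active Directory." -ForegroundColor Red
    }
    catch {
        # $_ is the error that triggered this catch block.
        Write-Host "ERROR! $($_.Exception.Message)" -ForegroundColor Red
    }
}

# Warn the operator if something in the session (for example a profile script) hides the cmdlet.
if (Test-CommandShadowed -Name 'Unlock-ADAccount') {
    Write-Warning 'Unlock-ADAccount is shadowed by a function or alias in this session.'
}
```

Running Unlock-HelpdeskAccount with -WhatIf shows which distinguished name would be unlocked without changing anything.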

This topic is archived. No further replies will be accepted.