I have the task in SCSM to "unlock an AD User Account." It works fine for me, but one of my analysts gets an error when he tries it. It says he has insufficient access rights to perform the operation. He can go into AD and unlock the account himself though, so I am not sure why he gets that.

Have you tried letting his user run the PS-script directly?

you have two different error. first is not related to scsm: your user has no right to use ad cmdlets. the second one is error about action log. this is because the task is failed and there nothing to write in action log.

I had him try. We tried two names, one that is the domain admin and one that is a normal user. He can unlock either one from th AD console directly. Here is what I get:

And here is his:

And again, this is NOT scsm-related problem but security-related problem.

The member of Domain Admin only (unless you not specify this rights directly) can unlock any account.

But if he can unlock the same users from AD, I don't understand why this is. Doesn't it use his credentials to run the task?