PowerShell Unlock AD Account Script

  • Question

  • I currently wrote the following script to unlock accounts:

    Import-Module ActiveDirectory
    
    Function Unlock-ADaccount {
        Param(
            $username
        )
    
        try {
            #Attempt to find the user in Active Directory and unlock the account
            $ADAccount = Get-ADUser -Identity $username
            unlock-adaccount -Identity $username
    
            #Report success to operator
            Write-Host "$($ADAccount.GivenName)'s account has been unlocked!" -ForegroundColor Green
        } catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] {
            #Attempt to find username in AD failed
            Write-Host "ERROR! $username NOT Found in Active Directory!" -ForegroundColor Red
        } catch [Exception] {
            #Unexpected Exception
            Write-Host "ERROR! $($Error[0].Exception)" -ForegroundColor Red
        }
    }
    
    #START SCRIPT
    $continue = $true
    while($continue) {
        Unlock-ADAccount -username (Read-Host "Enter Username")
        
        #Ask operator if they want to run script again
        if((Read-Host "Repeat Script?") -eq "N") {
            $continue = $false
        }
    } 
    
    

    It works correctly and whenever I enter a username and hit enter it tells me the account has been unlocked, but before it does it gives the following errors in red:

    ERROR! System.Management.Automation.ParameterBindingValidationException:

    Cannot validate argument on the parameter 'Identity'. The argument is null.

    (it repeats this a lot and then at the end it shows: "Account has been unlocked!")


    And goes on from there, but I can figure out what it means by it being null and if it is null why the script still works. It just doesn't look pretty with all of that red.

    Monday, April 21, 2014 5:34 PM

All replies

  • Hi Thetabit,

    I think I figured it out: in your function, you call the same function again.
    Because the function's name, unlock-adaccount, is already a cmdlet, the function is calling itself.

    So if you change your function name to, i.e., unlock-me, and change it in the while loop, it won't fall into the last catch.

    Import-Module ActiveDirectory
    
    Function Unlock-me {
        Param(
            $username
        )
    
        try {
        
            #Attempt to find the user in Active Directory and unlock the account
            $ADAccount = Get-ADUser -Identity $username
            unlock-adaccount -Identity $username
    
            #Report success to operator
            Write-Host "$($ADAccount.GivenName)'s account has been unlocked!" -ForegroundColor Green
        } catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] {
            #Attempt to find username in AD failed
            Write-Host "ERROR! $username NOT Found in Active Directory!" -ForegroundColor Red
        } catch [Exception] {
            #Unexpected Exception
            Write-Host "ERROR! $($Error[0].Exception)" -ForegroundColor Red
        }
    }
    
    #START SCRIPT
    $continue = $true
    while($continue) {
        Unlock-me -username (Read-Host "Enter Username")
        
        #Ask operator if they want to run script again
        if((Read-Host "Repeat Script?") -eq "N") {
            $continue = $false
        }
    } 

    Good luck :)

    Hope this is the answer


    • Proposed as answer by Cees van Alten Friday, March 20, 2015 10:28 PM
    • Edited by Cees van Alten Friday, March 20, 2015 10:30 PM deleted an extra line with: write-host $username
    Friday, March 20, 2015 10:25 PM
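
The name collision discussed in this thread, as an added example that is not part of the original posts: PowerShell resolves a function before a cmdlet of the same name, so a wrapper should call the cmdlet by its module-qualified name and check what the bare name resolves to. `Get-CommandCollision` and `Unlock-HelpdeskAccount` are hypothetical names; the example assumes the ActiveDirectory module is installed and a domain is reachable.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: list every command that answers to a name.
# With -All, Get-Command returns same-named commands in the order they would run.
function Get-CommandCollision {
    param([Parameter(Mandatory)][string]$Name)
    Get-Command -Name $Name -All -ErrorAction SilentlyContinue |
        Select-Object CommandType, Name, ModuleName
}

# Hypothetical wrapper with a name that does not shadow any cmdlet.
function Unlock-HelpdeskAccount {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [ValidateNotNullOrEmpty()]
        [string]$UserName
    )
    try {
        # Module-qualified names always bind to the ActiveDirectory cmdlets,
        # even if a function or alias with the same name exists in the session.
        $account = ActiveDirectory\Get-ADUser -Identity $UserName
        ActiveDirectory\Unlock-ADAccount -Identity $account -ErrorAction Stop
        Write-Host "$($account.SamAccountName) has been unlocked." -ForegroundColor Green
    } catch [Microsoft.ActiveDirectory.Management.ADIdentityResolutionException] {
        # Lookup of the user name in AD failed
        Write-Host "ERROR! $UserName not found in Active Directory." -ForegroundColor Red
    } catch {
        # $_ is the error that triggered this catch block
        Write-Host "ERROR! $($_.Exception.Message)" -ForegroundColor Red
    }
}

# Warn the operator if the bare name would run something other than the cmdlet,
# for example a leftover function from an earlier version of the script.
$first = Get-CommandCollision -Name 'Unlock-ADAccount' | Select-Object -First 1
if ($first -and $first.CommandType -ne 'Cmdlet') {
    Write-Warning "Unlock-ADAccount resolves to a $($first.CommandType), not the ActiveDirectory cmdlet."
}

Unlock-HelpdeskAccount -UserName (Read-Host 'Enter Username')
```

If the warning fires in a session where the original script was already run, `Remove-Item Function:\Unlock-ADAccount` clears the shadowing function.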