Hello,
I got most of this script from blogs and am trying to customize it to my needs. I believe it has to be in 2 parts, PowerShell and VBS:
1. This allows me to Query AD for the user that phoned in and is asking me to unlock their account. I can type in the first 3 letters of their name followed by * and it will find them and other users with similar names. I can select this user and it exports the LDAP location to a CSV file.
    # Function Find Distinguished Name
    function find-dn {
        param([string]$adfindtype, [string]$cName)
        # Create A New ADSI Call
        $root = [ADSI]''
        # Create a New DirectorySearcher Object
        $searcher = new-object System.DirectoryServices.DirectorySearcher($root)
        # Set the filter to search for a specific CNAME (no whitespace between filter terms)
        $searcher.filter = "(&(objectClass=$adfindtype)(CN=$cName))"
        # Set results in $adfind variable
        $adfind = $searcher.findall()
        # If Search has Multiple Answers
        if ($adfind.count -gt 1) {
            $count = 0
            foreach ($i in $adfind) {
                # Write Answers On Screen
                write-host $count ": " $i.path
                $count += 1
            }
            # Prompt User For Selection (Read-Host returns a string, so cast it to an index)
            $selection = [int](Read-Host "Please select item: ")
            # Export the Selection to csv
            return $adfind[$selection].path | out-file "C:\data\myscripts\unlock account\UserDN.csv"
        }
        # Export The Answer to csv
        return $adfind[0].path | out-file "C:\data\myscripts\unlock account\UserDN.csv"
    }
    # Find a "User" and prompt for "$cName"
    find-dn "user" ($cname = read-host "Enter User Name")
2. To actually unlock the account I need to run a VB script as a domain admin. (I haven't figured out the run-as option for a VBS yet.) I can't figure out how to insert the output (CSV file) into the correct location of the VBS. As far as I can tell you can't run this VBS inside PowerShell...
    Set ObjUser = GetObject("INSERT OUTPUT FROM STEP ONE HERE")
    ObjUser.IsAccountLocked = False
    ObjUser.SetInfo()
Both step one and two work perfectly on their own. Can you run VBS inside PowerShell? Can you run PS script as another user?
Any help much appreciated,
DP
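
The two steps above can be combined in PowerShell alone, shown here as an added example that is not part of the original post. It assumes a domain-joined machine; the function name `Unlock-AdUserByName` is hypothetical, and it clears the `lockoutTime` attribute instead of setting `IsAccountLocked`, binding with a separately prompted admin credential so the rest of the session stays unprivileged.

```powershell
# Added example: search, select and unlock in one script (function name is hypothetical).
function Unlock-AdUserByName {
    param(
        [Parameter(Mandatory=$true)][string]$Name,   # e.g. "dav*"
        [Parameter(Mandatory=$true)][System.Management.Automation.PSCredential]$Credential
    )

    # Escape LDAP filter metacharacters (RFC 4515) but keep '*' so wildcard search still works.
    $safe = $Name.Replace('\', '\5c').Replace('(', '\28').Replace(')', '\29')

    $searcher = New-Object System.DirectoryServices.DirectorySearcher([ADSI]'')
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(cn=$safe))"
    $results = @($searcher.FindAll())

    if ($results.Count -eq 0) { Write-Warning "No user matches '$Name'"; return }

    $index = 0
    if ($results.Count -gt 1) {
        for ($i = 0; $i -lt $results.Count; $i++) { Write-Host "${i}: $($results[$i].Path)" }
        $index = [int](Read-Host 'Please select item')
        if ($index -lt 0 -or $index -ge $results.Count) {
            Write-Warning 'Selection out of range'; return
        }
    }
    $path = $results[$index].Path   # LDAP://CN=...,DC=... (what step 1 wrote to the CSV)

    # Bind to the selected object as the admin account; only this bind is privileged.
    $entry = New-Object System.DirectoryServices.DirectoryEntry -ArgumentList `
        $path, $Credential.UserName, $Credential.GetNetworkCredential().Password
    try {
        # Writing 0 to lockoutTime unlocks the account.
        $entry.Properties['lockoutTime'].Value = 0
        $entry.CommitChanges()
        Write-Host "Unlocked $path"
    }
    finally { $entry.Dispose() }
}

Unlock-AdUserByName -Name (Read-Host 'Enter User Name') -Credential (Get-Credential)
```

Passing the path in memory removes the need for the intermediate CSV file, and `Get-Credential` keeps the domain admin password out of the script text.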