{"id":12731,"date":"2011-09-11T00:01:00","date_gmt":"2011-09-11T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2011\/09\/11\/batchman-uses-powershell-to-identify-and-unlock-user-accounts\/"},"modified":"2011-09-11T00:01:00","modified_gmt":"2011-09-11T00:01:00","slug":"batchman-uses-powershell-to-identify-and-unlock-user-accounts","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/batchman-uses-powershell-to-identify-and-unlock-user-accounts\/","title":{"rendered":"BATCHman Uses PowerShell to Identify and Unlock User Accounts"},"content":{"rendered":"

Summary<\/strong>: BATCHman shows how to use Windows PowerShell to locate and unlock user accounts in Active Directory.\n \nMicrosoft Scripting Guy Ed Wilson here. In the continuing saga of the world’s first Windows PowerShell superhero, BATCHman<\/a>, and his faithful sidekick, Cmdlet, I once again present Windows PowerShell MVP and Honorary Scripting Guy<\/a> Sean Kearney<\/a>.  \n\"BATCHman<\/a>\nWhenever trouble happens in systems and people will call,\nAnd darkness rolls out causing your fall,\nCreatures of bits roam in the night,\nShine to the sky, the bright bluish Light,\nAnd call to…BATCHman !\n…and, oh yes, his sidekick Boy Blunder Cmdlet, too.\n \nShock! Terror! The Redmond Police office has been rendered useless! A dark shadow has crossed over the LAN!\n“Our accounts! Every account in Active Directory locked out!” the police chief stared blankly at the computer screen. He then glared darkly across the hallway at the culprit who is dressed in all black, hissing back at the police chief.\nIt was the dreaded Script Kitty, Madame CatFile’s only daughter. For years, there was a chance of her not assuming her mother’s role of foul villainry, and then the worst happened: she saw the cool clothes evil villains wore, and that was that. She was another victim of fashion.\nTonight, she had somehow slipped into the office in the guise of one of the cleaning staff and plugged her laptop into an unwatched LAN jack. She ran her “AttackCityHall.vbs” script in the hopes of unlocking at least one account. Fortunately for the city of Redmond and unfortunately for her, neither time nor password complexity rules was on her side.\nUnfortunately, the city had for security reasons designed its Active Directory to not automatically unlock. Thus, the poor police chief found himself in a predicament.\n“Hiiiiissssss,” Script Kitty hissed again at the chief.\nHow dare he walk in on her while she was attempting to hack all of the accounts in the city of Redmond? She would have gotten away, too, if it weren’t for that oh-so-cute little mouse. She just had<\/i> to pounce on it! After all, it was a pink Arc mouse. “So rare! Purrrrr,” her mind raced and then she was quickly caught and locked up.\nThere was only one account that Script Kitty missed. She, in her haste, somehow overlooked an administrator account.\nThe police chief looked over at the blue box on the wall with a small hammer marked, “In case of network emergency, break glass and press button.”\nThe glass shattered, the police chief did the one thing he never thought he’d need to do: he summoned the BATCHman Klaxons.\nHe pressed the Get-Help<\/strong> button, and moments later, 1,000 loudspeakers inside his office began pumping out a 1,000-decibel warning siren along with a blinding light.\nCovering his ears and eyes, he stumbled across the room looking at the deputy. Taking a hammer to the Get-Help<\/strong> button and many sparks later, the sound and light disappeared.\nStaring at his deputy, he cursed, “I told you, have them mount the BATCHman warning system outside<\/i> the office, not inside!” He quickly grabbed his cell phone and dialed BATCHman’s private line.\n***Moments later with a THUD and WHUMP***<\/b>\n“Never fear, BATCHman is here!” announced BATCHman.\nThe police chief looked up still recovering from the massive assault of sound and light. “Yes! Thank goodness you’re here! We are in dire need of your help!” he shouted above the imagined din.\nBATCHman looked. “No need to yell, good citizen. We can h…”\nThe police chief gestured to all the loudspeakers in the office as well as the broken BATCHman blue box.\n“Ahhhh, not again. Must remember, outside not inside.”\nQuickly the Police chief guided him to the workstation “We’re locked out of Active Directory! Only one good account! Need to get in! GUI slow! Ears hurt, too!”\nBATCHman thought for a moment. With Windows PowerShell, they could solve this easily. Nevertheless, they’d have to identify the locked-out accounts to make this quick.\nQuickly, he entered the Windows PowerShell console and loaded up the ActiveDirectory<\/b> module.<\/p>\n

IMPORT-MODULE ActiveDirectory<\/i>\nCmdlet looked over. “BATCHman, can we just pull up a user and have it show us whether they are locked out?”\nEnjoying his sidekick’s enthusiasm BATCHman noted, “Yes, it is possible using the Properties<\/b> parameter, but the ActiveDirectory<\/b> module has a far more powerful feature called SEARCH-ADACCOUNT<\/b>. To find all users locked out in Active Directory, we type this.”<\/p>\n

SEARCH-ADACCOUNT –lockedout<\/i>\n“But, Cmdlet, if we need to make this go faster and unlock only the computers in a particular organizational unit or OU, we can specify parameters such as –searchbase<\/b>.”<\/p>\n

SEARCH-ADACCOUNT –searchbase ‘OU=Division31,OU=Locations,DC=Police,DC=Redmond,DC=Local’ –lockedout<\/i>\nNow, we can just quickly UNLOCK<\/b> all the accounts by piping the results into UNLOCK-ADACCOUNT<\/b>.<\/p>\n

SEARCH-ADACCOUNT –searchbase ‘OU=Division31,OU=Locations,DC=Police,DC=Redmond,DC=Local’ –lockedout | UNLOCK-ADACCOUNT<\/i>\nCmdlet blinked. One single line? “Holy Simple Simon, BATCHman! Windows PowerShell really is<\/i> powerful!”\n“Yes, it is. Now, quickly have the police chief verify that his staff and he can get in.”\nThe police chief logged in and verified all was well. “Thank you, BATCHman! You have saved the day! You’re our hero!”\nBATCHman covered his ears from the shouting. “You’re quite welcome good citizen.”\nForgotten during all of this, Script Kitty looked up at BATCHman and purred, “Your outfit is purrrfectly delightful.”\nBATCHman looked over. “Yes, maybe someday you’ll learn about the power of good and of Windows PowerShell. Crime not only doesn’t pay, it has a far worse budget for cool costumes.”\n \nI want to thank Sean for another exciting episode of BATCHman. Join us tomorrow when The Scripting Wife learns about creating a profile for the Windows PowerShell console.\nI invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.\nEd Wilson, Microsoft Scripting Guy<\/b>\n \n <\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: BATCHman shows how to use Windows PowerShell to locate and unlock user accounts in Active Directory.   Microsoft Scripting Guy Ed Wilson here. In the continuing saga of the world’s first Windows PowerShell superhero, BATCHman, and his faithful sidekick, Cmdlet, I once again present Windows PowerShell MVP and Honorary Scripting Guy Sean Kearney.   […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,284,56,3,154,20,45],"class_list":["post-12731","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-batchman","tag-guest-blogger","tag-scripting-guy","tag-sean-kearney","tag-user-accounts","tag-windows-powershell"],"acf":[],"blog_post_summary":"

Summary: BATCHman shows how to use Windows PowerShell to locate and unlock user accounts in Active Directory.   Microsoft Scripting Guy Ed Wilson here. In the continuing saga of the world’s first Windows PowerShell superhero, BATCHman, and his faithful sidekick, Cmdlet, I once again present Windows PowerShell MVP and Honorary Scripting Guy Sean Kearney.   […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/12731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=12731"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/12731\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=12731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=12731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=12731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}