Unlocking Locked Out accounts using PowerShell (not with Quest AD cmdlets) - powershell

I'm writing a GUI tool using PowerShell that is able to do most AD-related tasks with just a user name and button click. I've done all the usual ones (Create / Remove Users, Create / Remove Security & Distribution Groups, Resetting Passwords, etc.) but can't find a way of unlocking a "Locked Out" account.
I'm trying to do this without using Quest AD cmdlets as I want a more standalone solution. So I'm wondering whether it is possible with plain PowerShell (1.0 or 2.0) in a Windows 2003 Domain.
Many thanks.

Set the lockoutTime property of the DirectoryEntry to 0.
Sample:
$x = [ADSI]'LDAP://SomeDN'
$x.lockoutTime = 0
$x.CommitChanges()
$x.Close()
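
Added example, not part of the original answer: the same lockoutTime write wrapped for a GUI tool that starts from a typed user name. It escapes the name before it goes into the LDAP filter, requires exactly one match, and returns a record for the audit log. The function names are hypothetical, and it assumes PowerShell 2.0 or later on a domain-joined machine.

```powershell
# Added example; function names are hypothetical, not from the original answer.
function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping (backslash first) so typed input cannot change the filter.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Unlock-AdsiAccount {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    $name = ConvertTo-LdapFilterValue $SamAccountName
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    [void]$searcher.PropertiesToLoad.Add('lockoutTime')
    $results = $searcher.FindAll()
    try {
        # Refuse to act on zero or several matches instead of guessing.
        if ($results.Count -ne 1) {
            throw "Expected one account for '$SamAccountName', found $($results.Count)."
        }
        $hit = $results[0]
        $stamp = $hit.Properties['lockouttime']
        $lockedAt = $null
        if ($stamp.Count -gt 0 -and [int64]$stamp[0] -ne 0) {
            # lockoutTime is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
            $lockedAt = [DateTime]::FromFileTimeUtc([int64]$stamp[0])
            $entry = $hit.GetDirectoryEntry()
            try {
                $entry.lockoutTime = 0           # same write as the sample above
                $entry.psbase.CommitChanges()    # psbase reaches the .NET method directly
            } finally {
                $entry.psbase.Close()
            }
        }
        # Record for the GUI to display and append to its audit log.
        New-Object PSObject -Property @{
            Account     = $SamAccountName
            Path        = $hit.Path
            LockedAtUtc = $lockedAt
            Unlocked    = ($lockedAt -ne $null)
        }
    } finally {
        $results.Dispose()
        $searcher.Dispose()
    }
}

# Unlock-AdsiAccount -SamAccountName 'jdoe'   # 'jdoe' is a constructed account name
```

The write needs an account that is allowed to modify lockoutTime on the target user, so run the tool under a delegated account rather than a domain admin where possible.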

Been out of the AD world for a few years. I haven't worked with PowerShell at all but does the link below offer what you're looking for?
http://dmitrysotnikov.wordpress.com/2007/08/14/enable-disable-unlock-user-accounts/

Related

AssignedAccess Windows 10 Powershell

I am currently working on a Kiosk for my company, the point for me is to create a PowerShell script that will create a user and directly assign it as a Kiosk user with Microsoft Edge Chromium. It works fine with the Windows settings but that's not how we need to make it. But when I want to make the command with PowerShell
Set-AssignedAccess -AUMID "MSEdge" -UserSID "USERSID"
When I do it this way I get this error:
New-CimInstance : One or multiple parameter values passed to the method are not valid.
So I managed to get another AUMID which is: Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe!App
The command is a success after that but in the end when I connect to the Kiosk user it keeps on blinking loading blue screen and never pops out Microsoft Edge.
Does someone know about this?
Thank you.
Try using this AUMID Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge.
This works for Windows Versions below 21H2.
I cannot help you at this time with the version above 21H2.

Add entire group to active directory

I'm trying to create a script that queries active directory for a group named $server-Administrators, checks to make sure if the group is in local admins, and if not in local admins adds the group to local admins. I know that get-ADGroup allows you to easily check for if there is an administrator group, however I'm not sure how to add an entire group to AD. I'm aware of add-ADGroupMember, however I don't think that is the cmdlet that would let me add an entire group to active directory.
$serverName = hostname
$query = get-adgroup administrators
if ($query == false){
#add group to local admins
}
Does anyone know of a way to add an entire group?
Since it doesn't look like you're trying to work through a problem (you don't really show any attempts to solve the issue yourself, and only have pseudo-code shown), I'll just give reference to what will solve the question without doing much real work myself.
I flexed my Google muscles and searched for 'powershell local administrators group' and the 6th result showed me the answer to your question (second thing I clicked on, because I can't help but read the Hey Scripting Guy! site first).
Use Jaap Brasser's script from the TechNet Script Gallery. The work has already been done, there's no need for you to re-invent the wheel here. Save that script, then run it as described in the in-script help.
.\Get-Set-ADAccountasLocalAdministrator.ps1 -Computer 'Server01,Server02' -Trustee YourDomain\Server-Administrators

Change workstation OU without AD tools in Powershell

Right now I have a pushbutton tool, which is basically a fancy GUI that calls the DSMOVE command.
Is it possible to change a workstation account to another OU (in powershell natively) without actually having the AD tools for powershell installed? I do have the syntax to be able to see what OU I am in, but I can't find a way to change it. I'd like to cut out the DSMOVE executable.
The next question would be, how do I?
Without any tools (or error checking, or anything similar):
$User = [adsi]'LDAP://CN=BielawB,CN=Users,DC=monad,DC=ps1'
$User.MoveTo('LDAP://OU=Destination,DC=monad,DC=ps1')
Obviously, it would be wise to wrap it in some function and add some checking/ error handling.
I've used user object, but that's not different for any other AD object...

Nsis shortcuts for different users

Advice Nsis – windows7
I have two users on the same computer (Admin and standard), I will be running my nsis installer when logged in to the standard user. My problem is that I need to create shortcuts on both desktops!!
Example
Standard User - Desktop
- Shortcut 1
- Shortcut 2
- Shortcut 3
Admin User - Desktop
- Shortcut 2
- Shortcut 4
I'm new to nsis- I have managed to create the Shortcut on the standard user account - If it helps I know the admin username and password.
NSIS - Desktop Shortcut For All Users
I saw this link but it does not seem to be working
When I try
CreateShortCut "${ProfilePathAllUsers}\Desktop\simpleApp.lnk" "$INSTDIR\ApplicationsLocation\ Applications.simpleApp.Host.exe"
I fear I may be going in the wrong direction-
I'm also using Unicode Nsis
Any Advice will be welcome - Thank you
You cannot write to another user's profile without administrator rights so make sure you are elevated.
Creating a shortcut for another user is wrong IMHO. If you want to create a shortcut for all users you can do:
; This code assumes you are elevated...
SetShellVarContext all
CreateShortcut "$desktop\myapp.lnk" "$instdir\myapp.exe"
Knowing the username/password would indeed help if you really wanted to do it for a single user; you would have to call LogonUser + SHGetFolderPath with the system plugin to get the path (Or the code you linked to but that uses undocumented stuff).

Using Xcode for multiple developer IDs

I am quite new to all this iPhone stuff. I have no such clear idea yet about provisioning profile etc.
I will be using my Mac machine for two different developer IDs, one for my own and other for the startup where I am working in. Now, how can I use Xcode to submit my apps in two different IDs?
Thanks
You can explicitly specify a signing identity (as long as they have different names) and a provisioning profile GUID.
EDIT: CODE_SIGN_IDENTITY[sdk=iphoneos*] = iPhone Developer: John Doe (ABCDEF) and PROVISIONING_PROFILE[sdk=iphoneos*] = provisioning-profile-guid in the config (or on the command line). Or in the project settings, search for "sign" and use the nice GUI menu.
Alternatively, use a different user account for your work builds.
EDIT: System Preferences → Accounts and add a new user. It also helps if you enable fast user-switching under "Login Options".