Need a little help please with my Powershell code

I have some PowerShell code that “works” technically. It will check to see if the AD account is locked. If it is locked, it will unlock it, or give a message that it isn’t locked. I would like for it to also provide a message if a valid username was not entered. For example, maybe a typo, or some other reason why the user account doesn’t exist. Currently, if I enter a name that doesn’t exist, it will give the message that the account is not locked. While technically that is true, it isn’t locked, I would like a more meaningful message explaining that the account doesn’t exist.

# Prompt for username
$username = Read-Host "Enter the username to unlock"

# Get the user account
$user = Get-ADUser -Identity $username

# Check if the user account exists
if ($user) {
    # Check if the account is locked out
    # (LockedOut is not a default Get-ADUser property, so it must be requested explicitly)
    if ($user | Get-ADUser -Properties LockedOut | Where-Object { $_.LockedOut }) {
        # Unlock the account
        Unlock-ADAccount -Identity $username
        Write-Host "Account '$username' has been unlocked."
    } else {
        Write-Host "Account '$username' is not locked out."
    }
}

Hey there,

Welcome! For future posts, please format your code: Formatting your code: How to format code on PowerShell.org

Sometimes, funky things can happen if all the code isn’t formatted as code. If you could modify your current post that would be awesome.

To provide a quick answer to your direct question, there’s a lot of ways you might go about doing it. Probably the easiest is simply to modify your code just a tad and make use of your call for Get-ADUser a little more with a try catch, while changing up the if statement to simply check for input.

if ($username) {
    try {
        # Ask for LockedOut explicitly (it is not returned by default) and make a
        # failed lookup a terminating error so the catch block sees it
        $User = Get-ADUser -Identity $username -Properties LockedOut -ErrorAction Stop
        if ($User.LockedOut) {
            Unlock-ADAccount -Identity $User
        } else {
            Write-Host "Account $User is not locked out"
        }
    } catch {
        Write-Host 'Account does not exist or something else went wrong'
    }
}

This isn’t necessarily how I’d write it myself, but it should work. Notice how I moved the Get-ADUser and wrapped it into a try catch, so I can catch any errors and then do something else. In my experience, about 99.99% of the time Get-ADUser only fails (assuming good network) if it’s not a user, so you probably would be OK just catching all terminating errors, but you can catch specific errors too. about Try Catch Finally - PowerShell | Microsoft Learn

For additional reading, I’d probably suggest taking a look at how to create functions: about Functions - PowerShell | Microsoft Learn. Functions are going to give you a lot more flexibility, and you can validate input and not rely on Read-Host. I’d suggest doing some research/googling on some PS docs, as those are going to help you quite a bit.

1 Like

Thanks @dotnVo . I made the following changes as you suggested, and it works better. Sorry about the earlier unformatted code.

# Prompt for username
$username = Read-Host "Enter the username to unlock"

# Get the user account
$user = Get-ADUser -Identity $username

# Check if the user account exists
if ($user) {
    # Check if the account is locked out
    try {
        # LockedOut must be requested explicitly; it is not a default property
        $User = Get-ADUser -Identity $username -Properties LockedOut -ErrorAction Stop
        if ($User.LockedOut) {
            Unlock-ADAccount -Identity $User
        } else {
            Write-Host "Account $User is not locked out"
        }
    } catch {
        Write-Host 'Account does not exist'
    }
}

No need to query the user twice. Also your error message in the catch doesn’t make sense. You already checked for the user so if there is an error, it is most likely anything other than the account not existing.

# Prompt for username
$username = Read-Host "Enter the username to unlock"

# Get the user account (request LockedOut, which is not a default property)
$user = Get-ADUser -Identity $username -Properties LockedOut

# Check if the user account exists
if ($user) {
    # Check if the account is locked out
    try {
        if ($user.LockedOut) {
            Unlock-ADAccount -Identity $user
        } else {
            Write-Host "Account $user is not locked out"
        }
    } catch {
        Write-Warning $_.Exception.Message
    }
}
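Putting dotnVo's two suggestions (a try/catch around the lookup, and a function with input validation instead of Read-Host) together with krzydoug's point about querying the user only once, here is an added example of what that can look like. This is example code written for this thread, not code posted by any of the participants; the function name Unlock-UserIfLocked and the sAMAccountName validation pattern are my own choices, and it assumes the ActiveDirectory module and rights to unlock accounts in the domain.

```powershell
#Requires -Modules ActiveDirectory

function Unlock-UserIfLocked {
    # Hypothetical function name chosen for this example
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # sAMAccountName such as jdoe; the pattern rejects whitespace, the characters
        # AD forbids in a sAMAccountName, and anything longer than 20 characters,
        # so obvious typos are caught before a directory query is made
        [Parameter(Mandatory, ValueFromPipeline)]
        [ValidatePattern('^[^\s"/\\\[\]:;|=,+*?<>@]{1,20}$')]
        [string]$SamAccountName
    )

    process {
        try {
            # Single query. LockedOut and AccountLockoutTime are not default
            # Get-ADUser properties, so they must be requested explicitly.
            $user = Get-ADUser -Identity $SamAccountName `
                -Properties LockedOut, AccountLockoutTime -ErrorAction Stop
        } catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
            # The specific error for "no such object": this is the message the
            # original question asked for
            Write-Warning "No account named '$SamAccountName' exists in this domain."
            return
        } catch {
            # Anything else (no domain controller reachable, insufficient rights, ...)
            # is a different problem and should not be reported as "does not exist"
            Write-Error "Lookup of '$SamAccountName' failed: $($_.Exception.Message)"
            return
        }

        if (-not $user.LockedOut) {
            Write-Host "Account '$($user.SamAccountName)' is not locked out."
            return
        }

        # ShouldProcess makes -WhatIf and -Confirm work for the unlock itself
        if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Unlock account')) {
            Unlock-ADAccount -Identity $user -ErrorAction Stop
            Write-Host ("Account '{0}' (locked since {1}) has been unlocked." -f
                $user.SamAccountName, $user.AccountLockoutTime)
        }
    }
}

# Usage (constructed sample names):
#   Unlock-UserIfLocked -SamAccountName jdoe
#   'jdoe', 'asmith' | Unlock-UserIfLocked -WhatIf
```

Catching ADIdentityNotFoundException separately from the generic catch is what lets the script tell "that user does not exist" apart from "I could not talk to a domain controller" or "you are not allowed to do this", which dotnVo's "assuming good network" caveat was pointing at. Because the function accepts pipeline input and supports -WhatIf, it can be run against a list of names to see which accounts are locked before unlocking anything.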

Thanks @krzydoug. Your input was helpful, and I tweaked it some more. I changed the order of things, and now it does give a more specific response for a user that doesn’t exist, which is what I was looking for. And the exception message should work to catch other errors.


# Prompt for username
$username = Read-Host "Enter the username to unlock"

# Look up the account inside the try block: a name that does not exist makes
# Get-ADUser throw, so the catch block reports it (LockedOut is not a default
# property and must be requested explicitly)
try {
    $user = Get-ADUser -Identity $username -Properties LockedOut -ErrorAction Stop

    # Check if the account is locked out
    if ($user.LockedOut) {
        Unlock-ADAccount -Identity $user
        Write-Host "Account '$username' has been unlocked."
    } else {
        Write-Host "Account '$username' is not locked out."
    }
} catch {
    Write-Host $_.Exception.Message
}