I have access to unlock AD accounts via the “Active Directory Users and Computers” console, however, if I try the same thing from the command line (Unlock-ADAccount) the system shows a “insufficient access rights” error even though I open the PS console with the account having rights to do that AND even enter the same account using the -Credentials parameter.
To perhaps clarify this, I open the AD console using my domain admin account (Run As) and I can unlock accounts, I open the PS console using the same account, no dice.
Also running it with an account that has Domain Admin rights, is not the same thing as running powershell as administrator. Does the powershell bar says “Windows Powershell” or does it say “administrator: Windows powershell” ?