commit 2b9f64d4fd6567b4b5fc024ec7b1cb426751a844
Author: jnisbet
Date: Wed Mar 6 15:17:08 2024 +0000
Add UnlockScript.ps1
diff --git a/UnlockScript.ps1 b/UnlockScript.ps1
new file mode 100644
index 0000000..86d2d23
--- /dev/null
+++ b/UnlockScript.ps1
@@ -0,0 +1,114 @@
+Add-Type -AssemblyName System.Windows.Forms
+Add-Type -AssemblyName System.Drawing
+Add-Type -AssemblyName "microsoft.visualbasic" -ErrorAction Stop
+
+#Links security groups to their corresponding OU Distinguished Names
+$group_linked_ou = [PSCustomObject]@{
+ SecurityGroup1 = "OU=test,OU=test,OU=test Users,OU=test,OU=test,DC=test,DC=test"
+ SecurityGroup2 = "OU=test,OU=test,OU=test Users,OU=test,OU=test,DC=test,DC=test"
+ SecurityGroup3 = "OU=test,OU=test,OU=test Users,OU=test,OU=test,DC=test,DC=test"
+ }
+
+#List of security groups taken from the object above
+$group_keys = $group_linked_ou | ForEach-Object {$_.psobject.properties.name}
+#$env:username
+#Get current logged in user
+$logged_in_user = Get-ADUser -Identity $env:username -Properties MemberOf
+
+#Matches a list of groups against a users group memberships and returns an array of matches
+Function filter_group_membership($user, $groups){
+ $group_list = [System.Collections.ArrayList]@()
+
+ foreach ($group in $groups)
+ {
+ foreach ($group_membership in $logged_in_user.MemberOf)
+ {
+ if($group_membership.Contains($group)){
+ [Void]$group_list.Add($group)
+ }
+ }
+ }
+ return $group_list
+}
+
+#From a list of OU distinguished names get a list of member users
+Function list_ou_members ($ou_dns) {
+ $member_list = [System.Collections.ArrayList]@()
+ foreach($ou in $ou_dns) {
+ $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $ou | Select-Object SamAccountName
+ foreach($user in $users){
+ [Void]$member_list.Add($user.SamAccountName)
+ }
+ }
+
+ return $member_list
+}
+
+$unlock_group_membership = filter_group_membership -user $logged_in_user -groups $group_keys
+
+#Get a list of OU distinguished names from the list of security groups the user is a member of (See group_linked_ou comment)
+$ou_dn_list = [System.Collections.ArrayList]@()
+
+foreach($group in $unlock_group_membership) {
+ $linked_ou = ($group_linked_ou).$group
+ [Void]$ou_dn_list.Add($linked_ou)
+}
+
+$users_to_unlock = list_ou_members -ou_dns $ou_dn_list
+
+#GUI creation
+$form = New-Object System.Windows.Forms.Form
+$form.Text = 'Select a Computer'
+$form.Size = New-Object System.Drawing.Size(400,200)
+$form.StartPosition = 'CenterScreen'
+
+$label = New-Object System.Windows.Forms.Label
+$label.Location = New-Object System.Drawing.Point(55,20)
+$label.Size = New-Object System.Drawing.Size(280,20)
+$label.Text = 'Please select a staff member to unlock:'
+$form.Controls.Add($label)
+
+$listBox = New-Object System.Windows.Forms.ListBox
+$listBox.Location = New-Object System.Drawing.Point(55,40)
+$listBox.Size = New-Object System.Drawing.Size(260,20)
+$listBox.Height = 80
+
+$okButton = New-Object System.Windows.Forms.Button
+$okButton.Location = New-Object System.Drawing.Point(145,120)
+$okButton.Size = New-Object System.Drawing.Size(75,23)
+$okButton.Text = 'OK'
+$okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
+$form.AcceptButton = $okButton
+$form.Controls.Add($okButton)
+
+# For each user create list box item
+foreach ($user in $users_to_unlock){
+ [void] $listBox.Items.Add($user)
+}
+
+$form.Controls.Add($listBox)
+
+$form.Topmost = $true
+
+$result = $form.ShowDialog()
+
+#Perform an unlock on the selected user when the OK button is clicked
+if ($result -eq [System.Windows.Forms.DialogResult]::OK)
+{
+ $selected_user = $listBox.SelectedItem
+
+ Try {
+ Unlock-ADAccount -Identity $selected_user
+
+ $message = "$selected_user unlocked successfully"
+ $button = "OKOnly"
+ $icon = "Information"
+ [microsoft.visualbasic.interaction]::Msgbox($message,"$button,$icon","Account Unlocked") | Out-Null
+ }
+ Catch {
+ $message = "Failed to unlock account for $selected_user"
+ $button = "OKOnly"
+ $icon = "Exclamation"
+ [microsoft.visualbasic.interaction]::Msgbox($message,"$button,$icon","Account Unlock Failed") | Out-Null
+ }
+}
\ No newline at end of file
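Review bot: The membership test in `filter_group_membership` uses `$group_membership.Contains($group)`, a case-sensitive substring match against the whole distinguished name, so any DN that merely contains the text (a group called `SecurityGroup10`, say, as a constructed example) maps the caller to an OU list they were not meant to get. The function also reads the script-scope `$logged_in_user` instead of its `$user` parameter, and `MemberOf` carries only direct memberships. Anchoring on the leading RDN is tighter: `if ($group_membership.StartsWith("CN=$group,", [System.StringComparison]::OrdinalIgnoreCase)) {`, with the inner loop iterating `$user.MemberOf`. Because this check only decides what the list box shows, the real control should stay the delegated unlock permission on those OUs in AD (presumably the script runs as the invoking user; confirm). In the final `Try` block, `Unlock-ADAccount -Identity $selected_user -ErrorAction Stop` keeps a non-terminating error from falling through to the "unlocked successfully" message box, and a guard on a null `$listBox.SelectedItem` would report an empty selection clearly.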