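# Help-desk style account unlock tool.
#
# Looks up the operator's security-group memberships, maps each matching group
# to an OU, lists the enabled users in those OUs in a small WinForms dialog and
# runs Unlock-ADAccount on the selected user.
#
# NOTE(review): the group-to-OU filtering below only decides which accounts are
# *shown*. It is not an access control. Whether the operator may actually
# unlock an account must be enforced by delegated permissions in Active
# Directory on the OUs themselves.

Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName System.Drawing
Add-Type -AssemblyName "microsoft.visualbasic" -ErrorAction Stop

# Links security groups to their corresponding OU distinguished names.
$group_linked_ou = [PSCustomObject]@{
    SecurityGroup1 = "OU=test,OU=test,OU=test Users,OU=test,OU=test,DC=test,DC=test"
    SecurityGroup2 = "OU=test,OU=test,OU=test Users,OU=test,OU=test,DC=test,DC=test"
    SecurityGroup3 = "OU=test,OU=test,OU=test Users,OU=test,OU=test,DC=test,DC=test"
}

# List of security group names taken from the object above.
$group_keys = $group_linked_ou | ForEach-Object { $_.psobject.properties.name }

# Resolve the operator from the process token rather than $env:username: the
# environment variable can be overwritten by the user or a parent process,
# which would make the script evaluate somebody else's group memberships.
$current_sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
$logged_in_user = Get-ADUser -Identity $current_sid -Properties MemberOf

# Matches a list of group names against a user's group memberships and returns
# the names the user is a member of.
#   $user   - AD user object carrying the MemberOf property (list of group DNs)
#   $groups - group names (CN values) to look for
# MemberOf only lists direct memberships; nested groups are not resolved here.
Function filter_group_membership($user, $groups) {
    $group_list = [System.Collections.ArrayList]@()
    foreach ($group in $groups) {
        # Compare against the leading CN component only. A plain substring test
        # would also accept "SecurityGroup10" or an OU named like the group when
        # looking for "SecurityGroup1".
        # NOTE(review): names containing DN-special characters (e.g. a comma)
        # appear backslash-escaped in a DN and would need escaping first.
        $cn_pattern = '^CN=' + [regex]::Escape($group) + ','
        foreach ($group_membership in $user.MemberOf) {
            if ($group_membership -match $cn_pattern) {
                [Void]$group_list.Add($group)
                break   # one match is enough; avoids duplicate entries
            }
        }
    }
    return $group_list
}

# From a list of OU distinguished names get the SamAccountName of every enabled
# user found beneath them.
Function list_ou_members ($ou_dns) {
    $member_list = [System.Collections.ArrayList]@()
    foreach ($ou in $ou_dns) {
        $users = Get-ADUser -Filter 'Enabled -eq $true' -SearchBase $ou | Select-Object SamAccountName
        foreach ($user in $users) {
            [Void]$member_list.Add($user.SamAccountName)
        }
    }
    return $member_list
}

$unlock_group_membership = filter_group_membership -user $logged_in_user -groups $group_keys

# Get the OU distinguished names linked to the groups the operator is a member
# of (see $group_linked_ou). Each OU is added once so that several groups
# pointing at the same OU do not produce duplicate list entries.
$ou_dn_list = [System.Collections.ArrayList]@()
foreach ($group in $unlock_group_membership) {
    $linked_ou = ($group_linked_ou).$group
    if (-not $ou_dn_list.Contains($linked_ou)) {
        [Void]$ou_dn_list.Add($linked_ou)
    }
}

$users_to_unlock = list_ou_members -ou_dns $ou_dn_list

# GUI creation
$form = New-Object System.Windows.Forms.Form
$form.Text = 'Unlock Account'
$form.Size = New-Object System.Drawing.Size(400, 200)
$form.StartPosition = 'CenterScreen'

$label = New-Object System.Windows.Forms.Label
$label.Location = New-Object System.Drawing.Point(55, 20)
$label.Size = New-Object System.Drawing.Size(280, 20)
$label.Text = 'Please select a staff member to unlock:'
$form.Controls.Add($label)

$listBox = New-Object System.Windows.Forms.ListBox
$listBox.Location = New-Object System.Drawing.Point(55, 40)
$listBox.Size = New-Object System.Drawing.Size(260, 20)
$listBox.Height = 80

$okButton = New-Object System.Windows.Forms.Button
$okButton.Location = New-Object System.Drawing.Point(145, 120)
$okButton.Size = New-Object System.Drawing.Size(75, 23)
$okButton.Text = 'OK'
$okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
$form.AcceptButton = $okButton
$form.Controls.Add($okButton)

# For each user create a list box item.
foreach ($user in $users_to_unlock) {
    [void] $listBox.Items.Add($user)
}

$form.Controls.Add($listBox)
$form.Topmost = $true
$result = $form.ShowDialog()

# Perform an unlock on the selected user when the OK button is clicked.
if ($result -eq [System.Windows.Forms.DialogResult]::OK) {
    $selected_user = $listBox.SelectedItem
    $button = "OKOnly"

    if ([string]::IsNullOrEmpty($selected_user)) {
        # OK was pressed with nothing highlighted; do not call Unlock-ADAccount
        # with an empty identity.
        $message = "No staff member was selected"
        $icon = "Exclamation"
        [microsoft.visualbasic.interaction]::Msgbox($message, "$button,$icon", "Account Unlock Failed") | Out-Null
    }
    else {
        Try {
            # -ErrorAction Stop turns non-terminating errors into exceptions so
            # a failed unlock cannot fall through to the success message.
            # The unlock runs under the operator's own credentials; with
            # account-management auditing enabled the domain controller records
            # it as security event 4767.
            Unlock-ADAccount -Identity $selected_user -ErrorAction Stop
            $message = "$selected_user unlocked successfully"
            $icon = "Information"
            [microsoft.visualbasic.interaction]::Msgbox($message, "$button,$icon", "Account Unlocked") | Out-Null
        }
        Catch {
            $message = "Failed to unlock account for $selected_user"
            $icon = "Exclamation"
            [microsoft.visualbasic.interaction]::Msgbox($message, "$button,$icon", "Account Unlock Failed") | Out-Null
        }
    }
}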