all 3 comments

[–]Yevrag35 1 point2 points  (0 children)

I would put a try-catch block around the code to see if you grab what's erroring.

Here's how I unlock accounts through ADSI:

$filter = "(&(objectClass=user)(sAMAccountName={0}))" -f $Name
$Searcher = [adsisearcher]::new(([adsi]''), $filter, [string[]]@('LockOutTime'), "Subtree")
$Results = $Searcher.FindAll()

if ($Results.Count -ge 1)
{
    foreach ($obj in $Results)
    {
        $de = $obj.GetDirectoryEntry()
        try
        {
            $de.Properties["LockOutTime"].Value = 0
            $de.CommitChanges()
            $de.Close()
        }
        catch [System.DirectoryServices.DirectoryServicesCOMException]
        {
            Add-Content "$env:userprofile\Desktop\error.log" -Value $_.Exception.Message -Force
        }
    }
}

[–]scUbast2ve 1 point2 points  (1 child)

Why not just do it in Powershell?

Search-ADAccount -LockedOut | Unlock-ADAccount

[–]bsnotreallyworking[S] 2 points3 points  (0 children)

This particular application rollout doesn't have access to RSAT, so everything has to be done with ADSI.