Home > SCSM > Unlock Active Directory Account Task in SCSM

Unlock Active Directory Account Task in SCSM


Hi.

Sorry for the lack of update but it’s been a busy time.

I thought I would share my unlock user task in SCSM, one of the most common incidents we have is locked AD accounts so I’ve created a task that unlocks the affected users AD account with PowerShell.

For this to work you need to have Active Directory User and Computer snappin installed.

Go to Library > Tasks > Create Task

Give the Task a name and a description. Select incident as the target class and if you want create a new Management Pack

Task name

On the next screen select where you want this task to be shown. Im only going to select “Incident Support Groups Folder Tasks

Category

On the next screen is where you input the script that unlockes the user account.

In the command windows input

c:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe

And in the Parameters input

-command Import-Module ActiveDirectory; Unlock-ADAccount –Identity User account; write account User accountunlocked.

The red marked text is where you need to insert the affected users username so click Insert Property and select Affected User and User Name do this for both and make sure you type the ; after the first User account

 affecteduser

Select “Log in action log when this task is run” if you want

It should then look something like this

Command

Press Next and then Create

You are now finished and you should see the task when you select an incident.

UnlockTask

I have also attached a finished MP with the task and a Icon for it that you can goahead and import. rename it .mpb

Unlock User Account Task

In the next post I will show you how we can unlock the affected user account and close the incident using orchestrator.

Advertisements
Categories: SCSM
  1. Andrew
    February 19, 2013 at 12:00

    Great post!

    Although for password generation you could just use:
    “$RandomComplexPassword=[System.Web.Security.Membership]::GeneratePassword($Length,$nonAlphas)” Where $length is the length of the password and $nonAlphas is the minimum number of non alphanumeric characters for the password.

    Thanks.

    • Andrew
      February 19, 2013 at 12:07

      My bad – before the above command first may need to import assembly:
      “$Assembly = Add-Type -AssemblyName System.Web”

      • February 20, 2013 at 09:21

        yeah, im sure there are many different ways of creating the password, i actually ended up using the built in one from Orchestrator “generate random text” that was suggested by Anthony.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: