Enable Disabled domain accounts with powershell

Home Forums Microsoft Networking and Management Services Active Directory Enable Disabled domain accounts with powershell

This topic contains 1 reply, has 2 voices, and was last updated by Rems Rems 1 week, 5 days ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • Avatar
    BryanRy
    Participant
    #623965

    I need to enable or disable account on active directory domain controller (Server 2012) through powershell wmi:
    1. I tried using command: wmic useraccount where “name=’myusername'” set disabled=true

    It returns an error:
    Updating property(s) of ‘\\MYDCONTROLLER\ROOT\CIMV2:Win32_UserAccount.Domain=”
    Mydomain”,Name=”myusername”‘
    ERROR:
    Description = Generic failure

    2. I tried using command:
    PS C:\Windows\system32> Get-WmiObject Win32_UserAccount -filter “LocalAccount=False”|?{$_.name -eq “userName”} |%{$_.disabled=$true;$_.passwordChangeable=$true;$passwordrequired=$true;$disabled=$true;$_.put()}

    This returns error:

    Exception calling “Put” with “0” argument(s): “Generic failure “
    At line:1 char:174
    + … isabled=$false;$_.put()}
    + ~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : DotNetMethodException

    I found this command in
    https://www.experts-exchange.com/questions/27803796/Enable-Disabled-LOCAL-accounts-with-Powershell.html
    Any ideas? I know how to use Get-aduser or other commands, but it need to be done via wmi

    • This topic was modified 2 weeks ago by Avatar BryanRy.
    Rems
    Rems
    Moderator
    #624019

    Hi BryanRy,

    The simplest solution for what you want to control is probably to enable the Active Directory module for PowerShell on your computer (if not yet) and use the AD cmdlets.

    Install the AD module for PS:

    When you manage AD from a member server make sure the Active Directory Module for PowerShell is added on your Server (you can add the module as a feature in Server Manager or using PowerShell)

    Or,  When you manage AD from your Windows client computer make sure the Active Directory PowerShell feature (part of the RSAT tools) has been enabled on your admin computer. Note: Starting with Windows 10 October 2018 Update, RSAT is included as a set of “Features on Demand” in Windows 10 itself! Only… if your computer is running an older version, you firstly have download and install the appropriate version of RSAT before you can enable the Active Directory module for Windows PowerShell.

    Notes

    1. The AD module is already installed on domain controllers on Windows Server.
    2. Of course, the user who runs the cmdlet must have domain administrator privileges or should be delegated to specific tasks.

    PowerShell examples:

    IMPORTANT: In Windows 7 and Windows Server 2008 R2 with PowerShell 2.0 installed, the ActiveDirectory module doesn’t load automatically in PowerShell. Therfore your powerShell scrips targeting AD executed from an “old” computer, should always begin the script with the line: Import-Module ActiveDirectory

    1. http://techgenix.com/active-directory-user-accounts/
    2. https://www.lepide.com/how-to/unlock-enable-disable-ad-accounts-with-powershell.html

     

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.