Reputation: 27
How to use if/else statement to act on Get-ADUser lockout property
I'm trying to write a script with powershell and combine it with XAML to make some Active Directory management tasks easier for myself. I'm currently hung up on trying to query whether accounts are locked or not.
#Making the Check Account Button display the Lockout property
$WPFCheck_Account.Add_Click({
$User = Get-ADUser -Filter {sAMAccountName -eq $WPFInput_User.Text} -Properties LockedOut | Select-Object LockedOut
if($User -eq $null)
{$WPFCheck_Results.AddChild("Account Not Found")}
elseif($User = "True")
{$WPFCheck_Results.AddChild("Account Locked Out")}
elseif($User = "False")
{$WPFCheck_Results.AddChild("Account Not Locked Out")}
})
The first if statement successfully filters invalid account names, but all valid account names are caught by the second if and labeled as locked out. I originally thought the problem was with my $status variable and the comparison with the "true" or "false" strings, but in my searches I found others using the same strings so I'm not sure where my problem is.
Upvotes: 0
Views: 3264
Answers (2)
Reputation: 16096
How about either of these two approaches. Well, you have to tweak for your form, but you know...
($UserName = $env:USERNAME)
Administrator
If (-Not (Get-ADUser -Filter {sAMAccountName -eq $Username} -Properties sAMAccountName,LockedOut))
{Write-Warning -Message "The user $UserName was not found"}
ElseIf(Get-ADUser -Filter {sAMAccountName -eq $username} -Properties sAMAccountName,LockedOut)
{"$UserName account is not locked out"}
Else{Write-Warning -Message "$UserName account is locked out"}
Administrator account is not locked out
$AccountStatus = Get-ADUser -Filter {sAMAccountName -eq $Username} -Properties sAMAccountName,LockedOut
switch ($AccountStatus.LockedOut)
{
'False' {"$UserName account is not locked out"}
'True ' {Write-Warning -Message "$UserName account is locked out"}
default {Write-Warning -Message "The user $UserName was not found"}
}
Administrator account is not locked out
Upvotes: 0
Reputation: 1660
You are assigning a value to variable, not comparing them, (old equal-sign pit we have all fallen to) so the second if always gets $true. Also, LockedOut property is Boolean, not String, so it can only have two values after you have checked out $null. No need for the third if:
elseif($User)
{$WPFCheck_Results.AddChild("Account Locked Out")}
else
{$WPFCheck_Results.AddChild("Account Not Locked Out")}
Upvotes: 1
Related Questions
- How can I verify if an AD account is locked?
- how to unlock accounts that meet certain conditions
- Trying to find enabled or disabled Users in AD with Powershell
- Disable ADuser if the user still has the check change password at next logon
- Check AD User for Logon Script(s)
- If statements - Powershell
- Unlocking an AD user with Powershell
- Show result of this cmdlet: Unlock-ADAccount
- Powershell - prompt for a variable to add to a command
- Unlocking Locked Out accounts using PowerShell (not with Quest AD cmdlets)