如何使用PowerShell 2.0在其他域上解锁Active Directory帐户？

Question

I found an amazing PowerShell script by LazyWinAdmin that kind of does what I want - but it is limited to just the current domain. The way our network is set up we have different domains for certain types of accounts.

I am trying to write up a script that simply unlocks a specified user account on a specific domain. Our system uses PowerShell 2.0 which is making this very difficult because I know that the later versions have Active Directory management cmdlets. Trust me, I have requested that we have a newer version of PowerShell installed on our systems but the company flat out refuses to budge.

I feel kind of stupid because I have worked almost exclusively with the newer versions in the past so I got used to the various cmdlets rather than having to manually draft out every single thing I want to do.

Answer 1

You need to specify the search root to search from other domain.

Original code in $buttonUnlock_Click:

# Search for this account in the current domain
$Searcher = [ADSISearcher]"(sAMAccountName=$Name)"
$Results = $Searcher.FindOne()

Also in $buttonCheck_Click (it has no search code but just a comment):

# Search for this account in the current domain

Change both to:

$searcher = New-Object DirectoryServices.DirectorySearcher
$searcher.Filter = "(sAMAccountName=$name)"
$searcher.SearchRoot = New-Object DirectoryServices.DirectoryEntry('LDAP://other.domain', 'user', 'pwd')
$results = $searcher.FindOne()

If current user already has permission to access the other domains, you may simply put [adsi]'LDAP://other.domain' as search root.