add various scripts

control-ad.ps1

@@ -0,0 +1,61 @@
+# load ActiveDirectory module
+Try
+{
+    Import-Module ActiveDirectory -ErrorAction Stop
+}
+Catch
+{
+    Write-Warning $_
+    Break
+}
+
+function Show-Menu
+{
+    param (
+        [string]$Title = 'Control Center'
+    )
+    cls
+    Write-Host "================ $Title ================"
+
+    Write-Host "1: Unlock User"
+    Write-Host "2: Reset Password"
+    Write-Host "3: Get Lockout Location"
+    Write-Host "4: Disable Computer"
+    Write-Host "5: Restart Computer"
+    Write-Host "6: Remove Public Desktop Icons"
+    Write-Host "Q: Press 'Q/q' to quit."
+}
+
+do
+{
+    Show-Menu
+    $input = Read-Host "Please make a selection"
+    switch ($input)
+    {
+        '1' {
+            cls
+            .\scripts\users\unlock-account.ps1
+        } '2' {
+            cls
+            .\scripts\users\reset-password.ps1
+        } '3' {
+            cls
+            start powershell `
+              -ArgumentList '-noexit .\scripts\users\get-lockout-location.ps1'
+        } '4' {
+            cls
+            .\scripts\computers\disable-computer.ps1
+        } '5' {
+            cls
+            start powershell `
+              -ArgumentList '.\scripts\computers\restart-computer.ps1'
+        } '6' {
+            cls
+            .\scripts\misc\remove-public-desktop-icons.ps1
+        } 'q' {
+            return
+        }
+    }
+    sleep 1
+}
+until ($input -eq 'q')

scripts/computers/disable-computer.ps1

@@ -0,0 +1,21 @@
+# load ActiveDirectory module
+Try
+{
+    Import-Module ActiveDirectory -ErrorAction Stop
+}
+Catch
+{
+    Write-Warning $_
+    Break
+}
+
+function Disable-Computer
+{
+    $samAccountName = Read-Host 'Please enter a computer name'
+    $date = Get-Date -format "yyyy-MM-dd"
+    Get-ADComputer -Identity $samAccountName | Disable-ADAccount
+    Set-ADComputer -Identity $samAccountName `
+                   -Description "disabled by $(whoami) $date"
+}
+
+Disable-Computer

scripts/computers/restart-computer.ps1

@@ -0,0 +1,20 @@
+function Restart-Domain-Computer
+{
+    $computername = Read-Host 'Please enter a computer name'
+    Restart-Computer -Force -ComputerName $computername
+    sleep 30
+    while ($status -eq $null)
+    {
+        if(Test-Connection `
+            -Computername $computername `
+            -BufferSize 16 `
+            -Count 1 `
+            -Quiet){break}
+        Write-Host 'Still offline'
+        sleep 5
+    }
+    Write-Host -foregroundcolor "green" $computername ' is online'
+    Read-Host 'Press a key to quit'
+}
+
+Restart-Domain-Computer

scripts/misc/remove-public-desktop-icons.ps1

@@ -0,0 +1,8 @@
+function Remove-Public-Desktop-Icons
+{
+    $computername = Read-Host 'Enter the name of the computer'
+    Remove-Item \\$computername\c$\users\public\desktop\*.lnk `
+      -Exclude "SAP Logon Pad.lnk"
+}
+
+Remove-Public-Desktop-Icons

scripts/template.ps1

@@ -0,0 +1,15 @@
+# load ActiveDirectory module
+Try
+{
+    Import-Module ActiveDirectory -ErrorAction Stop
+}
+Catch
+{
+    Write-Warning $_
+    Break
+}
+
+function Show-Menu
+{
+
+}

scripts/users/get-lockout-location.ps1

@@ -0,0 +1,154 @@
+#Requires -Version 2.0
+Function Get-LockedOutLocation
+{
+<#
+.SYNOPSIS
+    This function will locate the computer that processed a failed
+    user logon attempt which caused the user account to become locked
+    out.
+
+.DESCRIPTION
+    This function will locate the computer that processed a failed
+    user logon attempt which caused the user account to become locked
+    out. The locked out location is found by querying the PDC Emulator
+    for locked out events (4740). The function will display the
+    BadPasswordTime attribute on all of the domain controllers to add
+    in further troubleshooting.
+
+.EXAMPLE
+    PS C:\>Get-LockedOutLocation -Identity Joe.Davis
+
+
+    This example will find the locked out location for Joe Davis.
+.NOTE
+    This function is only compatible with an environment where the
+    domain controller with the PDCe role to be running Windows Server
+    2008 SP2 and up. The script is also dependent the ActiveDirectory
+    PowerShell module, which requires the AD Web services to be
+    running on at least one domain controller. Author:Jason Walker
+    Last Modified: 3/20/2013
+#>
+    [CmdletBinding()]
+
+    Param(
+      [Parameter(Mandatory=$True)]
+      [String]$Identity
+    )
+
+    Begin
+    {
+        $DCCounter = 0
+        $LockedOutStats = @()
+
+        Try
+        {
+            Import-Module ActiveDirectory -ErrorAction Stop
+        }
+        Catch
+        {
+           Write-Warning $_
+           Break
+        }
+    }#end begin
+
+    Process
+    {
+
+        #Get all domain controllers in domain
+        cls
+        $DomainControllers = Get-ADDomainController -Filter *
+        $PDCEmulator = (
+            $DomainControllers | Where-Object
+            {
+                $_.OperationMasterRoles -contains "PDCEmulator"
+            }
+        )
+
+        Write-Verbose "Finding the domain controllers in the domain"
+        Foreach ($DC in $DomainControllers)
+        {
+            $DCCounter++
+            Write-Progress -Activity "Contacting DCs for lockout info" `
+              -Status "Querying $($DC.Hostname)" `
+              -PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
+            Try
+            {
+                $UserInfo = Get-ADUser -Identity $Identity `
+                  -Server $DC.Hostname `
+                  -Properties AccountLockoutTime,`
+                              LastBadPasswordAttempt,`
+                              BadPwdCount,`
+                              LockedOut
+                  -ErrorAction Stop
+            }
+            Catch
+            {
+                Write-Warning $_
+                Continue
+            }
+            If($UserInfo.LastBadPasswordAttempt)
+            {
+                $LockedOutStats += New-Object -TypeName PSObject -Property @{
+                    Name                   = $UserInfo.SamAccountName
+                    SID                    = $UserInfo.SID.Value
+                    LockedOut              = $UserInfo.LockedOut
+                    BadPwdCount            = $UserInfo.BadPwdCount
+                    BadPasswordTime        = $UserInfo.BadPasswordTime
+                    DomainController       = $DC.Hostname
+                    AccountLockoutTime     = $UserInfo.AccountLockoutTime
+                    LastBadPasswordAttempt = `
+                      ($UserInfo.LastBadPasswordAttempt).ToLocalTime()
+                }
+            }#end if
+        }#end foreach DCs
+        $LockedOutStats | Format-Table -Property Name,`
+          LockedOut,`
+          DomainController,`
+          BadPwdCount,`
+          AccountLockoutTime,`
+          LastBadPasswordAttempt `
+          -AutoSize
+
+        #Get User Info
+        Try
+        {
+            Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
+            $LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName`
+              -FilterHashtable @{LogName='Security';Id=4740} `
+              -ErrorAction Stop | Sort-Object `
+                -Property TimeCreated
+                -Descending
+        }
+        Catch
+        {
+           Write-Warning $_
+           Continue
+        }#end catch
+        Foreach($Event in $LockedOutEvents)
+        {
+           If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
+           {
+               $Event | Select-Object -Property `
+                 @(
+                     @{Label = 'User';  Expression = {$_.Properties[0].Value}}
+                     @{Label = 'DomainController';   Expression = {$_.MachineName}}
+                     @{Label = 'EventId';            Expression = {$_.Id}}
+                     @{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
+                     @{Label = 'Message';            Expression = {$_.Message `
+                       -split "`r" | Select -First 1}}
+                     @{Label = 'LockedOutLocation';  Expression =
+                        {
+                           $_.Properties[1].Value
+                        }
+                      }
+              )
+            }#end ifevent
+
+       }#end foreach lockedout event
+
+    }#end process
+
+}#end function
+
+$username = Read-Host 'Please enter a username'
+Get-LockedOutLocation -Identity $username

scripts/users/reset-password.ps1

@@ -0,0 +1,24 @@
+# load ActiveDirectory module
+Try
+{
+    Import-Module ActiveDirectory -ErrorAction Stop
+}
+Catch
+{
+    Write-Warning $_
+    Break
+}
+
+function Reset-Password
+{
+    $username = Read-Host 'Please enter a user name'
+    $default_password = 'default-password'
+    Unlock-ADAccount -Identity $username
+    Set-ADAccountPassword -Identity $username `
+      -Reset -NewPassword
+      (
+          ConvertTo-SecureString -AsPlainText $default_password -Force
+      )
+    Set-ADuser $username -ChangePasswordAtLogon $True
+}
+

scripts/users/unlock-account.ps1

@@ -0,0 +1,29 @@
+# load ActiveDirectory module
+Try
+{
+    Import-Module ActiveDirectory -ErrorAction Stop
+}
+Catch
+{
+    Write-Warning $_
+    Break
+}
+
+function Unlock-Account
+{
+    $username = Read-Host 'Please enter a user name'
+    Try
+    {
+        Unlock-ADAccount -Identity $username -ErrorAction Stop
+        Write-Host $username ' unlocked' -backgroundcolor green
+    }
+    Catch
+    {
+        Write-Warning $_
+        Read-Host 'Press a key to quit'
+        Break
+    }
+    Read-Host 'Press a key to quit'
+}
+
+Unlock-Account