1

I am having some difficulties with my Powershell script. With this script I am able to enable disabled AD accounts. It works, but I am receiving the wrong output. Accounts got enabled, but still receive the output from the else statement 'Account has not been enabled'. Anyone who can help me? Thanks!

Add-Type -AssemblyName System.Windows.Forms

$SystemInfoForm = New-Object System.Windows.Forms.Form
$SystemInfoForm.ClientSize = "300,100"
$SystemInfoForm.Text = "Enable AD Accounts"
$SystemInfoForm.BackColor = "#ffffff"
$SystemInfoForm.StartPosition = "CenterScreen"

$objIcon = New-Object system.drawing.icon ("C:\Temp\System Info.ico")
$SystemInfoForm.Icon = $objIcon

$label = New-Object System.Windows.Forms.Label
$label.Location = New-Object System.Drawing.Point(10,20)
$label.Size = New-Object System.Drawing.Size(280,20)
$label.Text = 'Please enter the disabled AD account below:'
$SystemInfoForm.Controls.Add($label)

$textBox = New-Object System.Windows.Forms.TextBox
$textBox.Location = New-Object System.Drawing.Point(10,40)
$textBox.Size = New-Object System.Drawing.Size(260,20)
$textBox.Text = "Enter AD account..."
$SystemInfoForm.Controls.Add($textBox)

$okButton = New-Object System.Windows.Forms.Button
$okButton.Location = New-Object System.Drawing.Point(10,70)
$okButton.Size = New-Object System.Drawing.Size(75,23)
$okButton.Text = 'OK'
$okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
$okButton.Add_Click(
    {
        $Username = $textBox.Text

        if (Search-ADAccount -AccountDisabled | Where-Object {($_.SamAccountName -eq "$Username")} | Enable-ADAccount)
        {
            [System.Windows.MessageBox]::Show("$Username has been enabled.")
        }
        else
        {
            [System.Windows.MessageBox]::Show("$Username has not been enabled.")
        }
    }
)

$SystemInfoForm.Controls.Add($okButton)

[void]$SystemInfoForm.ShowDialog()

Regards, Ralph

Improve this question
1
  • Enable-ADAccount - "By default, this cmdlet does not generate any output." Microsoft Docs Commented Mar 24, 2020 at 19:17

1 Answer 1

Reset to default
3

Enable-ADAccount doesn't return any output by default, so the entire pipeline expression: 

Search-ADAccount -AccountDisabled | Where-Object {($_.SamAccountName -eq "$Username")} | Enable-ADAccount

... will evaluate to nothing - and all of that nothing evaluates to $false in your if condition.

Use a try/catch block to catch errors from Enable-ADAccount and then alert the based on that:

try {
    Search-ADAccount -AccountDisabled | Where-Object {($_.SamAccountName -eq "$Username")} | Enable-ADAccount -ErrorAction Stop

    # We got this far because Enable-ADAccount didn't throw any errors
    [System.Windows.MessageBox]::Show("$Username has been enabled.")
}
catch {
    [System.Windows.MessageBox]::Show("$Username has not been enabled.")
}

Alternatively use the -PassThru switch with Enable-ADAccount to have it return the account, then inspect that:

$enabledAccount = Search-ADAccount -AccountDisabled | Where-Object {($_.SamAccountName -eq "$Username")} | Enable-ADAccount -PassThru

if($enabledAccount.Enabled){
    [System.Windows.MessageBox]::Show("$Username has been enabled.")
}
else {
    [System.Windows.MessageBox]::Show("$Username has not been enabled.")
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks Mathias! The -PassThru option is exactly what I need. Thanks.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.