1

I am having some difficulties with my Powershell script. With this script I am able to enable disabled AD accounts. It works, but I am receiving the wrong output. Accounts got enabled, but still receive the output from the else statement 'Account has not been enabled'. Anyone who can help me? Thanks!

Add-Type -AssemblyName System.Windows.Forms

$SystemInfoForm = New-Object System.Windows.Forms.Form
$SystemInfoForm.ClientSize = "300,100"
$SystemInfoForm.Text = "Enable AD Accounts"
$SystemInfoForm.BackColor = "#ffffff"
$SystemInfoForm.StartPosition = "CenterScreen"

$objIcon = New-Object system.drawing.icon ("C:\Temp\System Info.ico")
$SystemInfoForm.Icon = $objIcon

$label = New-Object System.Windows.Forms.Label
$label.Location = New-Object System.Drawing.Point(10,20)
$label.Size = New-Object System.Drawing.Size(280,20)
$label.Text = 'Please enter the disabled AD account below:'
$SystemInfoForm.Controls.Add($label)

$textBox = New-Object System.Windows.Forms.TextBox
$textBox.Location = New-Object System.Drawing.Point(10,40)
$textBox.Size = New-Object System.Drawing.Size(260,20)
$textBox.Text = "Enter AD account..."
$SystemInfoForm.Controls.Add($textBox)

$okButton = New-Object System.Windows.Forms.Button
$okButton.Location = New-Object System.Drawing.Point(10,70)
$okButton.Size = New-Object System.Drawing.Size(75,23)
$okButton.Text = 'OK'
$okButton.DialogResult = [System.Windows.Forms.DialogResult]::OK
$okButton.Add_Click(
    {
        $Username = $textBox.Text

        if (Search-ADAccount -AccountDisabled | Where-Object {($_.SamAccountName -eq "$Username")} | Enable-ADAccount)
        {
            [System.Windows.MessageBox]::Show("$Username has been enabled.")
        }
        else
        {
            [System.Windows.MessageBox]::Show("$Username has not been enabled.")
        }
    }
)

$SystemInfoForm.Controls.Add($okButton)

[void]$SystemInfoForm.ShowDialog()

Regards, Ralph

Improve this question
1
  • Enable-ADAccount - "By default, this cmdlet does not generate any output." Microsoft Docs Commented Mar 24, 2020 at 19:17

1 Answer 1

Reset to default
3

Enable-ADAccount doesn't return any output by default, so the entire pipeline expression: 

Search-ADAccount -AccountDisabled | Where-Object {($_.SamAccountName -eq "$Username")} | Enable-ADAccount

... will evaluate to nothing - and all of that nothing evaluates to $false in your if condition.

Use a try/catch block to catch errors from Enable-ADAccount and then alert the based on that:

try {
    Search-ADAccount -AccountDisabled | Where-Object {($_.SamAccountName -eq "$Username")} | Enable-ADAccount -ErrorAction Stop

    # We got this far because Enable-ADAccount didn't throw any errors
    [System.Windows.MessageBox]::Show("$Username has been enabled.")
}
catch {
    [System.Windows.MessageBox]::Show("$Username has not been enabled.")
}

Alternatively use the -PassThru switch with Enable-ADAccount to have it return the account, then inspect that:

$enabledAccount = Search-ADAccount -AccountDisabled | Where-Object {($_.SamAccountName -eq "$Username")} | Enable-ADAccount -PassThru

if($enabledAccount.Enabled){
    [System.Windows.MessageBox]::Show("$Username has been enabled.")
}
else {
    [System.Windows.MessageBox]::Show("$Username has not been enabled.")
}
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks Mathias! The -PassThru option is exactly what I need. Thanks.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.