/build/static/layout/Breadcrumb_cap_w.png

Scripting/Ticketing - Active Directory Accounts

I am very new to Kace and trying to get my feet wet. Does anyone know if there is a way to create a script that is ticket generated to unlock user accounts in Active Directory? I want the end user to be able to go to the support desk portal, enter a ticket and unlock thier own AD accounts. Has this been done before or does anyone know how it could be done? Thanks
Asked 12 years ago 2882 views
0 Comments   [ + ] Show comments

Answers (1)

Posted by: airwolf 12 years ago
Red Belt
0
Help Desk automation comes from custom ticket rules, and I don't know of any way to trigger something like this from a ticket rule. You could use the Software Library to allow end-users to run scripts, but the unlock and variable management (i.e. username variable assignment) would have to be done by your custom script (e.g. VBS, AutoIt, PowerShell, etc.). For example, you could setup a script with embedded credentials with the power to unlock accounts. The script would need to detect the logged on user on the machine running the script and then pass that to the command for unlock. However, the Software Library would only work if the user could log on to their machine. You could setup a script that could run from any machine and prompt the user for their account name, but then you run the risk of anybody being able to unlock anybody else's account.

This may seem like a simple problem, but the solution is anything but. Also, if you use LDAP authentication then the KBOX can do nothing for this, because if an account is locked out you can't authenticate to KBOX either.
Comments:
  • The command that could be run would be net user "username" /Domain /active:Yes This would make the AD account active again. I think the trick here is first to substitute "username" with the account name of the locked user and second create a ticket rule that another user could enter for the locked user that would trip the whole thing off.

    Say create a ticket rule that looks for Account locked in the title. You could then tell the users to put the username after. Have the ticket rule take the third word in the title and use it in the script.

    Unfortunately I don't know the product well enough to pull this off but I would use this in my environment if someone could find a way to stitch it together. - bilbogallant 10 years ago
Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Posted by:

kshirley Senior Yellow Belt
Ninja since: 12 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

View more:

KACE Product Support Questions
question

Related Questions

Link

Related Links

Post

Related Posts

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ