I have the below working script, though would like to pick some experts brains please.
A)Is there anything wrong, i.e, can I cause harm/damage if I am running the "Unlock-AD" if the actual account isn't even locked?
eg, should it include something like - If Username is locked, then Unlock?
B)Is the below formatting OK, or is there a better "Preferred/Recommended" way I should be using?
C)As I work in 1st/2nd Line Support I often get calls for AD unlocks, any other suggestions I should be running this script to make it more efficient
eg, does anyone use a script to search for surname and first name to pick up female name changes etc instead of by username or how else do others do their environment?
$Credentials = Get-Credential $UserName = Read-Host "Enter in the Username to check"
Get-ADUser $UserName -Properties Displayname, LockedOut, badPwdCount, AccountLockoutTime, PasswordExpired `
| Select-Object -Property Displayname, LockedOut, badPwdCount, AccountLockoutTime, PasswordExpired
Unlock-ADAccount $UserName -Credential $Credentials