param( [string]$username = "" )

[System.Reflection.Assembly]::LoadWithPartialName("Microsoft.VisualBasic")

# If a username hasn't been provided via cmd line, GUI prompt
IF ($username -eq ""){
# Domain name prompt
$userTitle = 'Username'
$userMsg = 'Enter the sAMAccountName of the user to unblock (no "domain\user" or "user@domain.local", just "user")'
$userDefault = $env:UserName
$username = [Microsoft.VisualBasic.Interaction]::InputBox($userMsg, $userTitle, $userDefault)
}

# Exit if user presses the cancel button or enters no string
IF ($username -eq ""){ EXIT }

# Make sure there's no domain declared
$separatorSlash = $username.IndexOf("\")
$separatorSlash++

# If user is in the format of domain\username remove the domain
IF ($separatorSlash -gt 0){$username = $username.Substring($separatorSlash)}

$separatorAt = $username.IndexOf("@")
$separatorAt++

# If user is in the format of username@domain.local remove the domain
IF ($separatorAt -gt 0){$username = $username.Substring(0,$separatorAt)}


Import-Module ActiveDirectory

# Enable the user in Active Directory
Enable-ADAccount -Identity $username

# Remove the Deny permissions for the user on all local shares
Get-SmbShare -Special $false | ForEach-Object {
    Unblock-SmbShareAccess -Name $_.Name -AccountName "$username" -Force
}