2013/04/02

PowerShell/WinForm - Active Directory User Unlocker


An Active Directory account may be automatically locked if the domain's security policy has been configured to lock accounts after a number of unsuccessful logon attempts.

If an account has been locked out, the lockoutTime attribute will contain a Win32 time value that indicates when the account was locked.

An easy way to search for locked-out accounts is an LDAP query similar to:
(&(objectClass=user)(lockoutTime>=1))




You can integrate this query in the saved queries of your Active Directory Users and Computers MMC.



Description


The following script uses PowerShell to generate a WinForm that lets you unlock accounts right from the interface. The goal is to do something simple and functional, nothing fancy.

The GUI was created using PowerShell Studio from SAPIEN. You can try this tool by going to Sapien.com.

No Module Required


The beautiful part of it is that neither the Active Directory module nor the Quest Active Directory snap-in is required.
In my case I used ADSI: [ADSISearcher]

If you want to know more about ADSISearcher check this article from the Scripting Guy
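The module-free approach described above, as an added example that is not the author's script: it finds locked-out users with [ADSISearcher], converts lockoutTime to a readable date, and clears the lockout through [ADSI]. The function names Get-LockedOutUser and Unlock-LockedOutUser are hypothetical, the objectCategory=person clause is an addition to the page's filter, and PowerShell 3.0 or later on a domain-joined machine is assumed.

```powershell
# Added example, not the author's script. Assumes PowerShell 3.0+ on a domain-joined host.

function Get-LockedOutUser {
    # objectCategory=person is an addition here: it keeps computer accounts out of the results.
    $filter   = '(&(objectCategory=person)(objectClass=user)(lockoutTime>=1))'
    $searcher = [ADSISearcher]$filter
    $searcher.PageSize = 1000   # page through large result sets
    $searcher.PropertiesToLoad.AddRange([string[]]('samaccountname', 'distinguishedname', 'lockouttime'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
                # lockoutTime is a Win32 FILETIME; a non-zero value can outlive the
                # lockout duration, so read it as "was locked at", not "is locked now".
                LockedAt          = [DateTime]::FromFileTime([int64]$r.Properties['lockouttime'][0])
                Path              = $r.Path
            }
        }
    }
    finally { $results.Dispose() }   # SearchResultCollection holds unmanaged resources
}

function Unlock-LockedOutUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)]
        [string]$Path   # ADsPath exactly as returned by the searcher
    )
    process {
        if ($PSCmdlet.ShouldProcess($Path, 'Reset lockoutTime to 0')) {
            $entry = [ADSI]$Path
            $entry.Put('lockoutTime', 0)   # writing 0 clears the lockout
            $entry.SetInfo()               # commit the change to the directory
        }
    }
}

# Review first, then unlock (drop -WhatIf to apply):
# Get-LockedOutUser | Sort-Object LockedAt | Format-Table SamAccountName, LockedAt
# Get-LockedOutUser | Unlock-LockedOutUser -WhatIf
```

Checking LockedAt before unlocking shows whether several accounts locked at the same moment, which is worth investigating before the lockouts are cleared.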

Graphical User Interface



Under Windows 8

How to run the script?

Invoking the script from a PowerShell console will do it. Make sure you run it with an account that has the privileges to unlock accounts.



Download
This script is available on Technet





Thanks for reading! ;-)
Comments are welcome or you can reach me at the email below
-FX-
