6.8. Unlocking a User
You want to unlock a locked out user.
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Type the name of the user beside Name and click Find Now.
In the Search Results, right-click on the user and select Unlock.
' This code unlocks a locked user. ' ------ SCRIPT CONFIGURATION ------ strUsername = "<
UserName>" ' e.g. jsmith strDomain = "<
NetBiosDomainName>" ' e.g. RALLENCORP ' ------ END CONFIGURATION --------- set objUser = GetObject("WinNT://" & strDomain & "/" & strUsername) if objUser.IsAccountLocked = TRUE then objUser.IsAccountLocked = FALSE objUser.SetInfo WScript.Echo "Account unlocked" else WScript.Echo "Account not locked" end if
If you’ve enabled account lockouts in a domain (see Recipe 6.11), users will inevitably get locked out. A user can get locked out for a number of reasons, but generally it is either because a user mistypes his password a number of times, or he changes his password and does not log off and log on again, or has mapped drives.
You can use ADSI’s
IADsUser::IsAccountLocked method to determine if a
user is locked out. You can set
FALSE to unlock a user. Unfortunately, there is a bug with the LDAP
provider version of this method so you have to use the WinNT provider
instead. See MS KB 250873 for more information on this bug.