16.4. Unlocking a User

Problem

You want to unlock a locked-out user.

Solution

Using a graphical user interface

  1. Open the ADUC snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Select the appropriate domain beside In.

  4. Type the name of the user beside Name and click Find Now.

  5. In the Search Results, right-click on the user and select Unlock.

  6. Click OK.

Using a command-line interface

Joe Richards has written a tool called unlock that lets you find locked-out users and unlock them in one shot. The following command displays all locked-out accounts on the default domain controller:

> unlock . * -view

The following command unlocks the user rallen on dc01:

> unlock dc01 rallen

This command unlocks all locked users on the default domain controller:

> unlock . *

You can download unlock from http://www.joeware.net/win/free/tools/unlock.htm.

Using VBScript

' This code unlocks a locked user.
' ------ SCRIPT CONFIGURATION ------
strUsername = "<UserName>"        ' e.g., jsmith
strDomain = "<NetBiosDomainName>" ' e.g., RALLENCORP
' ------ END CONFIGURATION ---------
   
set objUser = GetObject("WinNT://" & strDomain & "/" & strUsername)
if objUser.IsAccountLocked = TRUE then
   objUser.IsAccountLocked = FALSE
   objUser.SetInfo
   WScript.Echo "Account unlocked"
else
   WScript.Echo "Account not locked"
end if

Discussion

If you've enabled account lockouts in a domain (see Recipe 16.7), users will inevitably get locked out. A user can get locked out for a number of reasons, but generally it is either because a user ...
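Because a lockout can have more than one cause, it helps to see when and how each account was locked before clearing it. The following PowerShell is an added example, not part of the original recipe: it lists locked-out users with their lockout details and then unlocks one named user. It assumes the ActiveDirectory module (RSAT) is installed; the function names Get-LockedOutUserReport and Unlock-ReviewedUser are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

# List locked-out users with the details needed to judge why they were locked.
function Get-LockedOutUserReport {
    [CmdletBinding()]
    param(
        # Assumption: query the PDC emulator, which receives lockout updates first.
        [string]$Server = (Get-ADDomain).PDCEmulator
    )
    Search-ADAccount -LockedOut -UsersOnly -Server $Server |
        Get-ADUser -Server $Server -Properties AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt |
        Select-Object SamAccountName, AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt |
        Sort-Object AccountLockoutTime
}

# Unlock a single, named user; supports -WhatIf and -Confirm.
function Unlock-ReviewedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$Identity,
        [string]$Server = (Get-ADDomain).PDCEmulator
    )
    $user = Get-ADUser -Identity $Identity -Server $Server `
        -Properties LockedOut, AccountLockoutTime, LastBadPasswordAttempt

    # Same branch as the VBScript above: do nothing if the account is not locked.
    if (-not $user.LockedOut) {
        Write-Output "Account not locked: $($user.SamAccountName)"
        return
    }

    Write-Verbose ("Locked at {0}; last bad password attempt at {1}" -f `
        $user.AccountLockoutTime, $user.LastBadPasswordAttempt)

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Unlock account')) {
        Unlock-ADAccount -Identity $user -Server $Server
        Write-Output "Account unlocked: $($user.SamAccountName)"
    }
}
```

Run Get-LockedOutUserReport first, then Unlock-ReviewedUser -Identity rallen -WhatIf to preview the change before making it.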
