16.4. Unlocking a User
You want to unlock a locked-out user.
Using a graphical user interface
Open the ADUC snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Type the name of the user beside Name and click Find Now.
In the Search Results, right-click on the user and select Unlock.
Using a command-line interface
Joe Richards has written a tool called unlock that lets you find locked out users and unlock them in one shot. The following command displays all locked out accounts on the default domain controller:
> unlock . * -view
The following command unlocks the user rallen on dc01:
> unlock dc01 rallen
This command unlocks all locked users on the default domain controller:
> unlock . *
You can download unlock from http://www.joeware.net/win/free/tools/unlock.htm.
' This code unlocks a locked user. ' ------ SCRIPT CONFIGURATION ------ strUsername = "
<UserName>" ' e.g., jsmith strDomain = "
<NetBiosDomainName>" ' e.g., RALLENCORP ' ------ END CONFIGURATION --------- set objUser = GetObject("WinNT://" & strDomain & "/" & strUsername) if objUser.IsAccountLocked = TRUE then objUser.IsAccountLocked = FALSE objUser.SetInfo WScript.Echo "Account unlocked" else WScript.Echo "Account not locked" end if
If you've enabled account lockouts in a domain (see Recipe 16.7), users will inevitably get locked out. A user can get locked out for a number of reasons, but generally it is either because a user ...