locked
Unlock bulk AD accounts RRS feed

  • Question

  • Hi Team - In my company there are different site level OUs within a forest, consider XYZ.com as forest/ root domain and abc as my site level OU.

    I am getting bored unlocking AD accounts one by one from ADUC as this is time consuming so I need help in developing a script by which i can unlock all the requested domain id at one go. I require a script which will unlock the domain ids using my domain credential and will fetch the details of lockout domain from a notepad or excel file.

    Please help.

    • Moved by Bill_Stewart Friday, November 28, 2014 5:21 PM This is not "scripts on demand"
    Sunday, November 2, 2014 11:49 PM

Answers

All replies

  • Hi,

    You can use Search-ADAccount with the -LockedOut switch and Unlock-ADAccount:

    http://ss64.com/ps/search-adaccount.html

    http://ss64.com/ps/unlock-adaccount.html

    Let us know if you have any specific questions.


    Don't retire TechNet! - (Don't give up yet - 13,085+ strong and growing)

    • Proposed as answer by jrv Monday, November 3, 2014 6:35 PM
    • Marked as answer by Just Karl Wednesday, April 15, 2015 9:18 PM
    Sunday, November 2, 2014 11:57 PM
  • Usually policy should be set such that accounts would unlock by themselves automatically after a set amount of time. In this way you don't need a script. (If that policy isn't set, you've got a very nice way to provoke a denial of service.)

    The other question is: What's locking out so many accounts? I would investigate the root cause.


    -- Bill Stewart [Bill_Stewart]


    Monday, November 3, 2014 1:19 AM
  • Domain sharing and trying with incorrect password is the root cause for this and this can't be stop as we have to support smooth running of operations.


    Monday, November 3, 2014 6:27 PM
  • I'm little weak in scripting so can you help in making a script as per my requirement
    Monday, November 3, 2014 6:27 PM
  • I'm little weak in scripting so can you help in making a script as per my requirement

    We don't write scripts on spec.

    Passwords unlock automatically after 15 minutes. Tell users to wait 15 minutes before trying again.

    You can also purchase software that will accomplish self-serv password maintenance.

    If you really need this then you will need to contact a consultant to help you.

    Mike gave you the answer above. If you cannot understand how to use it there is not much that we can do.


    ¯\_(ツ)_/¯

    Monday, November 3, 2014 6:35 PM