Unlocking Locked Out accounts using PowerShell (not with Quest AD cmdlets)

powershell active-directory windowsdomainaccount
Jonny picture Jonny · Apr 6, 2010 · Viewed 7.1k times · Source

I'm writing a GUI tool using PowerShell that is able to do most AD related tasks with just a user name and button click. I've done all the usual ones (Create / Remove Users, Create / Remove Security & Distribution Groups, Resetting Passwords, etc) but can't find away of unlocking a "Locked Out" account.

I'm trying to do this without using Quest AD cmdlets as I want a more stand alone solution. So I'm wondering whether is possible with plain PowerShell (1.0 or 2.0) in a Windows 2003 Domain.

Many thanks.

Answer

dugas picture dugas · Apr 6, 2010

Set the lockoutTime property of the DirectoryEntry to 0.

Sample:

$x = [ADSI]'LDAP://SomeDN'
$x.lockoutTime = 0
$x.CommitChanges()
$x.Close()

Related questions

How to get all groups that a user is a member of?

PowerShell's Get-ADGroupMember cmdlet returns members of a specific group. Is there a cmdlet or property to get all the groups that a particular user is a member of? I fixed my mistake: Get-Member should be Get-ADGroupMember.

Read More
Powershell script to see currently logged in users (domain and machine) + status (active, idle, away)

I am searching for a simple command to see logged on users on server. I know this one : Get-WmiObject -Class win32_computersystem but this will not provide me the info I need. It returns : domain Manufactureer Model Name (Machine name) …

Read More
Converting LastLogon to DateTime format

My objective is to get a list of users from my domain with the following info: -Display name -Country -Manager Name -Last login date I am running the following script, and everything looks good except for the LastLogon. It outputs …

Read More