Active DirectoryPowerShell

How to Unlock User Accounts with PowerShell

In this post I will show you how to quickly unlock AD User accounts with PowerShell. On a daily basis many admins use the Active Directory users and computers to unlock users accounts. This is because they either find it easy or maybe using PowerShell is too complex for them.

So if you get to know that an user account is locked, how do you unlock an account using ADUC ?. You launch ADUC first, find the user, right click user account and click Properties. And then under Account tab, you select Unlock Account.

However using PowerShell you can unlock user accounts much quicker than usual method. In this post I have included examples for finding the account locked status and unlocking a single user account. In addition to that I have also included information on unlocking all locked user accounts at once.

Prerequisites

  • Since we are going to use the PowerShell to unlock AD accounts, ensure you install the Active Directory module first.
  • You need not login to domain controller to unlock an account. Install the RSAT tools on the computer so that you can run the commands from your computer.
  • On a Windows Server, you can install Active Directory module for Windows PowerShell feature via Server Manager > Features. You can also use Add-WindowsFeature RSAT-AD-Powershell command.

Unlock-ADAccount cmdlet

The Unlock-ADAccount cmdlet is the one that we will use to unlock user accounts in active directory. The Unlock-ADAccount cmdlet restores Active Directory Domain Services (AD DS) access for an account that is locked. You can read more about the Unlock-AdAccount cmdlet here.

Unlock-ADAccount cmdlet

Install Active Directory Module for PowerShell

ActiveDirectory isn’t actually available from any default repositories, and is now part of the RSAT windows features. To install the Active Directory module, start PowerShell in an elevated prompt and run the below command.

Add-WindowsFeature RSAT-AD-Powershell

Install Active Directory Module for PowerShell

Confirm AD User Account Lockout

We have installed Active Directory PowerShell module. Run the below command to display account lockout status of specific user account.

Get-ADUser -Identity 'username' -Properties LockedOut | Select-Object Name,Lockedout

As per the below screenshot, an user account is locked. The LockedOut status True means the account is locked.

How to Unlock User Accounts with PowerShell

Unlock AD User Accounts using Unlock-ADAccount

To unlock an user account, run the below PowerShell command.

Unlock-ADAccount -Identity 'username'

After you run the above command, run the Get-ADUser command again to verify if the account is unlocked.

The Lockedout status for user name Prajwal shows False meaning, it isn’t locked.

How to Unlock User Accounts with PowerShell

Find All Locked AD User Accounts using PowerShell

In the above examples we executed the Get-ADuser command to find the account lock status for a specific user. How about running a single PowerShell command to find all the user accounts that are locked in your AD.

Search-ADAccount -lockedout | Select-Object Name, SamAccountName

Running the above command lists all the user accounts that are locked. I have got two accounts that are currently locked.

find AD user account lock status

Unlock All AD User Accounts using PowerShell

In the above step we found all the accounts in our AD that are locked. To unlock all the AD user accounts, you can run the below PowerShell command.

Search-ADAccount -Lockedout | Unlock-AdAccount

Finally run the below command to confirm if all the user accounts are now unlocked. If you don’t see any results, it means no user accounts are locked.

Search-ADAccount -lockedout | Select-Object Name, SamAccountName

Unlock All AD user accounts using PowerShell

Prajwal Desai

Hi, I am Prajwal Desai. For last few years I have been working on multiple technologies such as SCCM / Configuration Manager, Intune, Azure, Security etc. I created this site so that I can share valuable information with everyone.

Related Articles

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button