Search for locked AD accounts
Windows Update Repair and Restore
11/25/2020Gathering Local System Information
12/01/2020
Answer: You bet there is! You can search and unlock AD accounts with a one line command. Let’s begin!
Search for and unlock AD accounts
To start you will need to open PowerShell as an Administrator that has access to unlock accounts. Next, you will need to install the Active Directory Module. On Windows Server, this is already installed. If you install RSAT for Windows 10 it is also already installed. Otherwise, you can run the following command in PowerShell to install the module.
Import-Module ActiveDirectory
What is the Active Directory Module?
The Active Directory module for PowerShell is a PowerShell module that consolidates a group of cmdlets. You can use these cmdlets to manage your Active Directory domains, Active Directory Lightweight Directory Services (AD LDS) configuration sets, and Active Directory Database Mounting Tool instances in a single, self-contained package.
Once the ActiveDirectory Module is installed we can continue with the rest of the command. To find all AD accounts locked out type the following:
Search-ADAccount –LockedOut
Above will list all accounts locked out of Active Directory. This is a very nice, fast output of every account that is locked out. Now how do we manipulate this data? Yes that is right, this data alone is only part of the work involved. Now we need to manipulate this data and make the data work for us instead of the other way around.
What I like to do is throw this into a variable. Like below:
$locked = Search-ADAccount –LockedOut
Next:
Now the variable $locked holds all of the data we want to see. All of the accounts that are locked out.
Now we can do a foreach off $locked like so;
foreach ($l in $locked)
{
Write-Host $locked.Name is locked.
}
That’s great and all, but how does this also unlock the account? This answer is rather simple. It doesn’t. The next line does that. Remember we want this data to work for us.
Search-ADAccount -LockedOut | Unlock-ADAccount
Search for and unlock AD accounts Putting it all together:
Let’s put it all together for you below.
