Today I’m going to show you 2 simple ways to find all locked user accounts in Active Directory. When you have a large Active Directory database with hundreds or thousands of users it can be a challenge hunting down locked accounts. These methods can also be useful in auditing and monitoring Active Directory accounts.

Last Logon Time

In this post, I’m going to show you three simple methods for finding active directory users last logon date and time. Every time you log into a computer that is connected to Active Directory it stores that users last logon date and time into a user attribute called lastlogon. Let’s check out some examples on how…

Account Lockout Tool

I think we can all agree, troubleshooting random account lockouts can be a major pain.

A user calls helpdesk, you unlock their account, 5 minutes later they call again with another lockout. At this point, everyone is frustrated and no one knows what the heck is causing the lockouts.

I’ve got good news.

There are account lockout tools that can assist and quickly tracking down the source of the issue.

In this post, I’ll walk you through the exact step by step process I use for tracking down the source of random account lockouts.

Setting user accounts password to never expire is not recommended and can be a security risk. There are times when this can’t be avoided such as using a service account. Many vendors require a service to run under a service account that has a non expiring password. For regular user accounts, it’s best practice to…

There may be times you need to find or report on disabled Active Directory user accounts. It’s best practice to do regular maintenance on AD objects and remove disabled or inactive objects (after verifying they are no longer needed of course). In this post, I will walk through three methods for finding disabled user accounts.

Active Directory contains five roles called Flexible Single Master Operation Roles (FSMO), these roles are required for the domain controllers to function correctly. During the first domain controller installation, the FSMO roles are installed automatically. In most cases they can be left alone, but there are times when they need to be moved such as…