2 Simple Ways to Find All Locked User Accounts in Active Directory

Today I’m going to show you 2 simple ways to find all locked user accounts in Active Directory. When you have a large Active Directory database with hundreds or thousands of users it can be a challenge hunting down locked accounts.

These methods can also be useful in auditing and monitoring Active Directory accounts.

Do you have user accounts that repeatedly lock out? Need help tracking down the source of account lockouts? Then check out my guide to the Microsoft Account Lockout Tool. It has step-by-step instructions for tracking down the source of account lockouts.

Unlocking and resetting user accounts is one of the top requests the helpdesk deals with daily. It’s common for helpdesk staff to open Active Directory Users and Computers, search for the account, then go to the Account tab to see if it is locked.

I’ll show you two methods that are 10X faster.

I have provided the steps in this article to my company’s helpdesk staff and they have been thrilled with how much faster it is to help the end users.

As a network and system administrator, I also use these methods to audit account usage. If I see an unusual number of users being locked out, then something suspicious may be going on.

Method 1: Saved Queries

Saved Queries is a feature of the Active Directory Users and Computers MMC. It lets you create and save queries that can be used later.

1. Open Active Directory Users and Computers

2. Right-click “Saved Queries”, then select “New”, then “Query”

3. Name the Query

In this example I named it “All Locked out User Accounts”

4. Click “Define Query”

5. Select “Custom Search”

Click the “Advanced” tab

6. In the box, copy and paste the query string below

(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))

Then click “OK”

You will now have a saved query that can be used over and over again.

That’s how you create a saved query to find locked accounts.

Method 2: PowerShell

Finding all the locked user accounts with PowerShell takes a single command.

1. Open PowerShell

2. From the PowerShell command line type the following command:

Search-ADAccount -LockedOut

You can see this returns the same users as my saved query.

Both methods are great for quickly finding all the locked accounts in Active Directory. Either method will make administration more efficient and may reveal some suspicious activity in AD.
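For the auditing use mentioned above, the following added example (not part of the original article) groups locked accounts by lockout time and reports any window in which an unusual number of accounts were locked. The function name Get-LockoutBurst, the 10-minute window and the threshold of 5 are assumptions to tune to your own lockout policy, and the sample accounts are constructed.

```powershell
# Added example: report bursts of lockouts (many accounts locked within a short window).
function Get-LockoutBurst {
    param(
        [Parameter(Mandatory)] [object[]] $Account,  # objects with SamAccountName and AccountLockoutTime
        [int] $WindowMinutes = 10,                   # assumed window size
        [int] $Threshold     = 5                     # assumed minimum accounts per window
    )
    # Drop entries without a lockout timestamp, then order by time.
    $sorted = @($Account | Where-Object { $_.AccountLockoutTime } |
                Sort-Object AccountLockoutTime)
    $start = 0
    while ($start -lt $sorted.Count) {
        # Extend the window from the current account as far as the time limit allows.
        $limit = $sorted[$start].AccountLockoutTime.AddMinutes($WindowMinutes)
        $end = $start
        while (($end + 1) -lt $sorted.Count -and
               $sorted[$end + 1].AccountLockoutTime -le $limit) { $end++ }

        $count = $end - $start + 1
        if ($count -ge $Threshold) {
            [pscustomobject]@{
                WindowStart = $sorted[$start].AccountLockoutTime
                WindowEnd   = $sorted[$end].AccountLockoutTime
                Count       = $count
                Accounts    = ($sorted[$start..$end].SamAccountName -join ', ')
            }
            $start = $end + 1   # continue after the reported burst
        } else {
            $start++
        }
    }
}

# Constructed sample data: five lockouts within a few minutes plus one unrelated lockout.
$t0 = [datetime]'2024-01-15T09:00:00'
$sample = 1..5 | ForEach-Object {
    [pscustomobject]@{ SamAccountName = "user0$_"; AccountLockoutTime = $t0.AddSeconds(40 * $_) }
}
$sample += [pscustomobject]@{ SamAccountName = 'user99'; AccountLockoutTime = $t0.AddHours(-3) }

Get-LockoutBurst -Account $sample | Format-List

# Live use (requires the ActiveDirectory module):
# $locked = Search-ADAccount -LockedOut -UsersOnly | Get-ADUser -Properties AccountLockoutTime
# Get-LockoutBurst -Account $locked
```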
