In this tutorial, I’ll show you how to quickly unlock AD User accounts with PowerShell.

I’ve included examples for unlocking a single user account and unlocking all locked users at once.

These PowerShell commands require the ActiveDirectory module to be installed. It’s best to install the RSAT tools on the computer that you want to run these commands from. This will prevent the need to load the module every time you need to run Active Directory related PowerShell commands.

Let’s jump right into some examples!

Unlock AD User by samAccountName with PowerShell

Unlock-ADAccount -Identity samAccountName

The above command will unlock a single user by their samAccountName, which is the same value as the user’s logon name.

Let’s walk through an example.

A user, Sam Walker, calls the helpdesk and says he is locked out. To verify this, or to see who is locked out, you can run this command.

Search-ADAccount -lockedout | Select-Object Name, SamAccountName

This will list all locked accounts and display each user’s full name and SamAccountName.

You can see in the screenshot above that Sam Walker is locked out. Now to unlock this account I will run the command below using the SamAccountName.

Unlock-ADAccount -Identity swalker

You can see in the screenshot below that the command returns nothing. It does this whether the account is locked or not, so unfortunately the output doesn’t confirm that the account was unlocked.

The only thing you can do to confirm is to list the locked accounts again.

You can see when I run it again Sam Walker is no longer listed. It’s confirmed that I unlocked his account.

Unlock All AD Users with PowerShell

This command will search Active Directory for all locked accounts and automatically unlock them all.

Tip: If you keep having repeated accounts locked out, you should investigate why before unlocking them all. You can check out this how-to guide for troubleshooting account lockouts and tracking down the source of lockout events.

Search-ADAccount -Lockedout | Unlock-AdAccount

In this example I have locked three accounts. I’ll use the Search-ADAccount command to list all the locked accounts.

Now to unlock all the accounts at once I just add | Unlock-ADAccount to the end of the search command, example screenshot below.

I’ll run Search-ADAccount -LockedOut again to confirm all the accounts were unlocked.

You can see above that no accounts are listed.

Again, I would be cautious about unlocking all the user accounts at once. Accounts are locked out for a reason (multiple bad password attempts), so unless you know exactly what’s going on, be careful with this one.
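The function below is an added example, not code from the original article. It shows one way to make a bulk unlock reviewable: it skips disabled accounts and an exclusion list, records when and why each account locked, and reads each account back afterwards because Unlock-ADAccount returns nothing. The name Unlock-ReviewedAccount, the excluded account names, and the choice to run everything against the PDC emulator are assumptions made for this example.

```powershell
#Requires -Modules ActiveDirectory

# Hypothetical helper (not from the article): unlock locked, enabled users,
# skip an exclusion list, and report the lock state before and after.
function Unlock-ReviewedAccount {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'Medium')]
    param(
        # samAccountName values to leave locked (placeholder names)
        [string[]]$Exclude = @('user1', 'user2', 'user3'),
        # Assumption: use one DC for search, unlock and verify so the view is consistent
        [string]$Server = (Get-ADDomain).PDCEmulator
    )

    $props = 'LockedOut', 'AccountLockoutTime', 'BadLogonCount', 'LastBadPasswordAttempt'

    Search-ADAccount -LockedOut -UsersOnly -Server $Server |
        Where-Object { $_.Enabled -and $_.SamAccountName -notin $Exclude } |
        ForEach-Object {
            # Capture the lockout context before it is cleared
            $before = Get-ADUser -Identity $_.DistinguishedName -Server $Server -Properties $props

            # -WhatIf skips this block; -Confirm prompts once per account
            if ($PSCmdlet.ShouldProcess($before.SamAccountName, 'Unlock account')) {
                Unlock-ADAccount -Identity $before.DistinguishedName -Server $Server -Confirm:$false
            }

            # Unlock-ADAccount is silent, so read the account back to confirm
            $after = Get-ADUser -Identity $before.DistinguishedName -Server $Server -Properties LockedOut

            [pscustomobject]@{
                SamAccountName         = $before.SamAccountName
                LockedSince            = $before.AccountLockoutTime
                LastBadPasswordAttempt = $before.LastBadPasswordAttempt
                BadLogonCount          = $before.BadLogonCount
                StillLocked            = $after.LockedOut
            }
        }
}

# Preview only: nothing is unlocked, the report lists who would be affected
Unlock-ReviewedAccount -WhatIf | Format-Table -AutoSize

# Unlock for real, leaving two (placeholder) accounts alone:
# Unlock-ReviewedAccount -Exclude 'svc_backup', 'student01'
```

A high BadLogonCount or a very recent LastBadPasswordAttempt in the preview is a cue to find the source of the bad passwords first, since the account will simply lock again.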

Unlock All AD Users with Confirmation First

This command is the same as the previous example, but it adds a confirmation prompt for each account before unlocking it. This is helpful because you can unlock accounts in bulk but still confirm them one at a time.

Search-ADAccount -Lockedout | Unlock-AdAccount -Confirm

Here is what this looks like

Try these commands out and let me know how they work by leaving a comment below.



  1. Luca on March 22, 2019 at 11:28 am

    many thanks Roberts, it helped me a lot. Luca

    • Robert Allen on March 29, 2019 at 12:08 am


      No problem

  2. Larry Timmins on April 25, 2019 at 4:46 pm

    Good review. I do something similar but qualify so I only unlock Enabled accounts in AD (accounts are disabled for a reason typically).

    search-adaccount -usersonly -lockedout | where {$_.Enabled -eq $true} | Unlock-ADAccount

    I also extend this to prevent unlocking enabled but general accounts like “student” managed by help desk such as:

    search-adaccount -usersonly -lockedout | where {$_.Enabled -eq $true} | where {$_.samAccountName -notlike "STUDENT*"} | Unlock-ADAccount

    My next step will be to restrict this so the Powershell based GUI displays an unlock button for the groups I want the gui to manage.

    More on GUIs at

    All the best Larry

    • Robert Allen on May 2, 2019 at 11:37 pm

      Filtering on enabled accounts is a good tip. Thanks Larry

  3. Erik on November 29, 2019 at 10:51 pm

    Hello, is there a way with this command “Search-ADAccount -Lockedout | Unlock-AdAccount”
    to exclude a few specific users? For example exclude user1, user2, user3 (not using confirm)?
