Active Directory User Unlock Tool
Quickly find and unlock user accounts, reset passwords and troubleshoot account lockouts
Find Locked Accounts
With a click of the button, you can display all locked user accounts and then choose to unlock them or reset their passwords. You can search for all locked users or check the status of a single user account. This tool is the fastest and quickest way to unlock user accounts.
Another frequent call to the helpdesk is to reset user passwords. The user unlock tool includes the ability to quickly pull up a user account and reset the user's password. The reset password option allows you to randomly generate a password, manually create a new password and set the password to change at the next logon.
Sometimes there are accounts that keep getting locked out. This can be very frustrating for the user and helpdesk. Most of the time the source of the lockout is logged in the event logs on the domain controllers. When you click on the details button this tool will retrieve those logs to display additional details such as source computer, bad password count, bad password time, domain controller and account lockout time. This can be a huge time saver to finding the source or repeated lockouts.
How Does it Work?
The User unlock tool is very easy to use.
Step 1: Open Tool
Click User-Unlock.bat to open the tool
Step 2: Click The Find Button
To display all locked users click the find button
With all the locked users displayed just select an account and click the unlock button.
When you click the unlock button a message will be displayed that the user has been unlocked
Example 2: Troubleshoot Account Lockouts (Find source computer)
To troubleshoot account lockouts just select an account and click the details button.
In the above screenshot, I clicked details for the test.user2 account. This will query the event logs on the domain controller and pull back the lockout event and the source computer of the lockout.
In addition to the source computer, it will display if an account is currently locked out, bad password count, bad password time, domain controller and account lockout time.
This will require rights to view the logs on the domain controller.
Example 3: Quickly Reset Passwords
You can either reset the current locked user or search for a user to reset.
- The Microsoft RSAT tools must be installed if running on a remote computer such as Windows 10.
- The user running this tool will need rights to unlock and reset accounts
- The details option requires rights to view the logs on domain controllers. This can be delegated to staff rather than providing them domain admin rights.
- The source computer requires the auditing logs to be enabled on the domain controllers.