Active Directory User Unlock Tool
Quickly find and unlock user accounts, reset passwords and troubleshoot account lockouts
- Find all locked users
- Quickly unlock accounts
- Reset passwords
- Find the source of account lockouts
Find Locked Accounts
With a click of the button, you can display all locked user accounts and quickly unlock them. This tool is the fastest and quickest way to unlock user accounts.
Quickly reset the current locked user or search for an account to reset.
Display detail information about an account such as, source computer, bad password count, bad password time, domain controller and account lockout time.
How Does it Work?
The User unlock tool is very easy to use.
Step 1: Open Tool
Click User-Unlock.bat to open the tool
Step 2: Click The Find Button
To display all locked users click the find button
With all the locked users displayed just select an account and click the unlock button.
When you click the unlock button a message will be displayed that the user has been unlocked
Example 2: Troubleshoot Account Lockouts (Find source computer)
To troubleshoot account lockouts just select an account and click the details button.
In the above screenshot, I clicked details for the test.user2 account. This will query the event logs on the domain controller and pull back the lockout event and the source computer of the lockout.
In addition to the source computer, it will display if an account is currently locked out, bad password count, bad password time, domain controller and account lockout time.
This will require rights to view the logs on the domain controller.
Example 3: Quickly Reset Passwords
You can either reset the current locked user or search for a user to reset.
- The Microsoft RSAT tools must be installed if running on a remote computer such as Windows 10.
- The user running this tool will need rights to unlock and reset accounts
- The details option requires rights to view the logs on domain controllers. This can be delegated to staff rather than providing them domain admin rights.
- The source computer requires the auditing logs to be enabled on the domain controllers.