Active Directory User Unlock Tool

Quickly find and unlock user accounts, reset passwords and troubleshoot account lockouts

Features

Find Locked Accounts

With the click of a button, you can display all locked user accounts and then choose to unlock them or reset their passwords. You can search for all locked users or check the status of a single user account. This tool is the fastest way to unlock user accounts.

Reset Passwords

Another frequent call to the helpdesk is to reset user passwords. The user unlock tool includes the ability to quickly pull up a user account and reset the user's password. The reset password option allows you to randomly generate a password, manually create a new password and set the password to change at the next logon.

Lockout Source

Sometimes there are accounts that keep getting locked out. This can be very frustrating for the user and the helpdesk. Most of the time the source of the lockout is logged in the event logs on the domain controllers. When you click the details button, this tool retrieves those logs and displays additional details such as source computer, bad password count, bad password time, domain controller and account lockout time. This can be a huge time saver when finding the source of repeated lockouts.

How Does it Work?

The User unlock tool is very easy to use.

Step 1: Open Tool

Click User-Unlock.bat to open the tool.


Step 2: Click The Find Button

To display all locked users, click the find button.

Click the find button to display all locked users

With all the locked users displayed, just select an account and click the unlock button.

Click unlock to unlock a user account

When you click the unlock button, a message is displayed confirming that the user has been unlocked.

Example 2: Troubleshoot Account Lockouts (Find source computer)

To troubleshoot account lockouts, just select an account and click the details button.

Find source of account lockout

In the above screenshot, I clicked details for the test.user2 account. This will query the event logs on the domain controller and pull back the lockout event and the source computer of the lockout.

In addition to the source computer, it will display whether the account is currently locked out, bad password count, bad password time, domain controller and account lockout time.

This will require rights to view the logs on the domain controller.
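The lookup behind the details button can be approximated by hand with the RSAT ActiveDirectory module. This is an added example, not the tool's own code; it assumes the lockout is recorded as Security event 4740 on the PDC emulator, and the function name `Get-LockoutDetail` and the 24-hour search window are illustrative.

```powershell
# Added example (not the tool's code). Needs the RSAT ActiveDirectory module
# and rights to read the Security log on the domain controller.
Import-Module ActiveDirectory

function Get-LockoutDetail {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,  # e.g. 'test.user2'
        [int] $HoursBack = 24                             # illustrative search window
    )

    # Assumption: lockouts are also recorded on the PDC emulator, so query it.
    $dc = (Get-ADDomain).PDCEmulator

    # Current account state as seen by that DC (the bad password count is per DC).
    $user = Get-ADUser -Identity $SamAccountName -Server $dc -Properties `
        LockedOut, BadLogonCount, LastBadPasswordAttempt, AccountLockoutTime

    # Event 4740 = "A user account was locked out".
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$HoursBack) }
    $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue

    foreach ($e in $events) {
        # Read the event fields by name from the XML instead of by position.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetUserName'] -ne $SamAccountName) { continue }

        [pscustomobject]@{
            User               = $data['TargetUserName']
            # In event 4740 the caller computer name is stored in TargetDomainName.
            SourceComputer     = $data['TargetDomainName']
            DomainController   = $e.MachineName
            LockoutEventTime   = $e.TimeCreated
            LockedOut          = $user.LockedOut
            BadPasswordCount   = $user.BadLogonCount
            BadPasswordTime    = $user.LastBadPasswordAttempt
            AccountLockoutTime = $user.AccountLockoutTime
        }
    }
}

# Usage: Get-LockoutDetail -SamAccountName 'test.user2'
```

If no rows come back for an account that is locked, check that account management auditing is enabled on the domain controllers and that the Security log has not already rolled over.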

Example 3: Quickly Reset Passwords

You can either reset the current locked user or search for a user to reset.

Quickly reset Active Directory account passwords

Requirements

  • The Microsoft RSAT tools must be installed if running on a remote computer such as Windows 10.
  • The user running this tool will need rights to unlock and reset accounts.
  • The details option requires rights to view the logs on domain controllers. This can be delegated to staff rather than providing them domain admin rights.
  • Displaying the source computer requires audit logging to be enabled on the domain controllers.