• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1844
  • Last Modified:

A script to unlock the AD account.

A script to unlock the AD account.
I would like to have  a windows script that a specific user can click on to unlock his Active Directory account.
This user  works during Odd hours an no administrator  is available to unlock his AD account.
And also wantto know what kind of permissions that this user will have to achieve this.

Thanks
0
jskfan
Asked:
jskfan
  • 5
  • 3
  • 3
6 Solutions
 
afthabCommented:
HI,

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_24912703.html

The below tool can provide the feature :

ADSelfService Password management
http://www.manageengine.com/products/self-service-password/
Toll Free: +1-888-720-9500
0
 
NotVeryFatCommented:
Save the below as a .vbs file:
If WScript.Arguments.Count = 1 Then
	struser= WScript.Arguments(0)
	Set objUser = GetObject("LDAP://" & struser)
	objUser.IsAccountLocked = False
	objUser.SetInfo
end if

Open in new window


Then run it as filename.vbs LDAP string of user to unlock
e.g. unlockuser.vbs "CN=Smith\, John,OU=domain,OU=com"
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
NotVeryFatCommented:
Sorry, correction. Above should read

unlockuser.vbs "CN=Smith\, John,OU=Users,dc=domain,dc=com"
0
 
jskfanAuthor Commented:
NotVeryFat:
I run your script but it has done anything
0
 
jskfanAuthor Commented:
afthab:

I get this message
Error Unlocking Username On Domainname
0
 
jskfanAuthor Commented:
I checked the Active Directory policy
and found this:

Account lockout duration 1440 minutes
Account lockout threshold 6 invalid logon attempts
Reset account lockout counter after 15 minutes

what does each line mean?
I also noticed if I mistype my password just one time instead of 6 as it is indicated in the policy, I got my account locked out
0
 
NotVeryFatCommented:
I'm not sure a user can unlock their own account, whatever their priviliges. In order to unlock an account, you need to authenticate with an LDAP server. If the account's locked, then the authentication will fail...
0
 
afthabCommented:
Account lockout duration : Determines the number of minutes a locked out account remains locked out before automatically becoming unlocked. The range is 1 to 99999 minutes. You can specify that the account will be locked out until an administrator explicitly unlocks it by setting the value to 0.

Account Lockout Threshold : Determines the number of failed logon attempts that will cause a user account to be locked out. A locked out account cannot be used until it is reset by an administrator or the account lockout duration has expired. You can set values between 1 and 999 failed logon attempts, or you can specify that the account will never be locked out by setting the value to 0.

Reset account lockout Counter After: Determines the number of minutes that must elapse after a failed logon attempt before the bad logon attempt counter is reset to 0 bad logons. The range is 1 to 99999 minutes.

Can you check with the corresponding events when the account lockout occur ?

0
 
jskfanAuthor Commented:
Account lockout duration 1440 minutes

in my case , does that mean after 24hours I will be able to login ...
of course, after entering the right user name and password ????????
0
 
jskfanAuthor Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 5
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now