We help IT Professionals succeed at work.

Need help to unlock an Active Directory account using PHP and LDAP

maximus81 asked
I am trying to unlock an account using PHP and adLDAP and having no luck. i have been searching around for something that would work but everything i find spits out errors that I can't fix. Can anyone point me to a page that has a working solution? Thank you
Watch Question

Here is an example. As there is no method to unlock an account built into ADLDAP by default I extend the adLDAP class to add the function. Hopefully they update their schema to include the feature by default in the near future.

You would obviously need to update your own AD settings in the $options array and a test username in $user.

	require_once(dirname(__FILE__) . '\adldap.php');
	// Extend the base adLDAP class with our unlock function
	class myADLDAP extends adLDAP {
		public function unlock_user($username) {
			$user = $this->user()->info($username, array("cn")); 
			if ($user[0]['dn'] == NULL) {
				return (false);
			$user_dn = $user[0]['dn']; 
			$add['lockoutTime'] = array(0); 
			$result = ldap_mod_replace($this->getLdapConnection(), $user_dn, $add); 
			if ($result == false) { 
				return (false); 
			return (true); 

	// The username to be unlocked
	$user = 'testuser';
	// AD settings
	$options = array(
		'base_dn' => 'DC=test,DC=local',
		'account_suffix' => '@test.local',
		'domain_controllers' => array(''),
		'admin_username' => 'administrator',
		'admin_password' => 'adminpassword'
	// Instantiate using the extended class so we can access unlock_user()
	try {
		$adldap = new myADLDAP($options);
	catch (adLDAPException $e) {
		echo $e;

	$result = $adldap->unlock_user($user);
	echo ($result === TRUE) ? "<b>$user</b> unlocked successfully." : "<b>$user</b> does not exist";

Open in new window


this worked perfect, thank you very much.