• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1433
  • Last Modified:

Active Directory: Unable to unlock accounts from Windows 7 desktop

I'm having an issue with AD users and computers installed on my Windows 7 desktop. I can see all kinds of information like if an account is disabled, deleted, enabled, added, etc., but I don't see when an account is locked out. I have to actually sign into a DC in order to see that the account is locked out and then unlock it. It would be great to be able to do this from my desktop.

1 Solution
Stelian StanNetwork AdministratorCommented:
Did you try to uninstall RSAT from your desktop and install it again?

Are you running Windows 7 SP1 on your machine? Their is a different RSAT for SP1 (http://www.microsoft.com/en-ca/download/details.aspx?id=7887).
Will SzymkowskiSenior Solution ArchitectCommented:
If you have powershell installed on your machine then you can use the following powershell command to get the Property of "AccountLockOutTime" which identifies the time account was locked out.

You will have to run the Import-Module activedirectory before the following commands will work.

To get a single users do the following
Get-ADUser -identity <name here> -properties * | FT displayname, AccountLockOutTime

To get a list of multiple users do the following
Get-ADUser -Filter 'objectclass "User"' -Properties * | Where-Object {$_.AccountLockOutTime -like "*1*"} | FT displayname, AccountLockOutTime

You can also put this in a script form adding it to notepad and saving it as a .ps1 file extension. From there you can simply navigate to this script in powershell and type .\<name of script>

Hope this helps!

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now