AD console unlock and reset password

Screenshot.png
is there any command to unlock or reset AD account from CMD?
Hiroyuki TamuraField EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

zalazarCommented:
You can do this with a VBScript.
Create a file and call it e.g. "UnlockAccount.vbs" with the following code:
strAccount = "DOMAIN/USER1"
Set oUser = GetObject("WinNT://" & strAccount)
If oUser.IsAccountLocked Then
  Wscript.echo "Unlocking account " & strAccount
  oUser.IsAccountLocked = False
  oUser.Setinfo
End If

Open in new window


Change the "strAccount" variable and fill in the correct domain and username.
NVITEnd-user supportCommented:
Have you tried net user loginname /DOMAIN /active:YES
http://www.robvanderwoude.com/ntadmincommands.php
zalazarCommented:
The domain/username can also be specified on the commandline via the following script.
File: UnlockAccount.vbs
Set objArgs = Wscript.Arguments
For i = 0 to objArgs.Count - 1
  If i = 0 Then optAccount = objArgs(i)
Next

If optAccount = "" Then
  Wscript.echo "Please specify the domain/username as commandline parameter"
  Wscript.echo "cscript UnlockAccount.vbs " & Chr(34) & "DOMAIN/USER1" & Chr(34)
  Wscript.Quit 1
End If

Set oUser = GetObject("WinNT://" & optAccount)
If oUser.IsAccountLocked Then
  Wscript.echo "Unlocking account " & optAccount
  oUser.IsAccountLocked = False
  oUser.Setinfo
End If

Open in new window


In this case you have to execute the VBScript via cscript as
cscript UnlockAccount.vbs "DOMAIN/USER1"

The "net user loginname /DOMAIN /active:YES"   should also work but please keep in mind that a disabled account will also be enabled with this command.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Hiroyuki TamuraField EngineerAuthor Commented:
Screenshot.pngI guess I don't have an access.
NVITEnd-user supportCommented:
What OS are you running CMD prompt on? Run CMD prompt as domain admin...
1. Hover mouse cursor over Command Prompt shortcut.
2. Shift-Right-click.
3. Pick Run as different user. Enter domain admin credentials.
zalazarCommented:
By default you need to be a member of "Domain Admins", "Enterprise Admins" or the "Administrators" group of the Active Directory domain to be able to activate/unlock user accounts. If you are not a member of one of these groups you will indeed get an Access denied.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Hiroyuki TamuraField EngineerAuthor Commented:
Thank you!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Access

From novice to tech pro — start learning today.