General discussion

Locked

How to List Locked Out Accounts

By paul_almon ·
Does anyone know of a way to list locked out domain accounts without going through each individual one? All accounts can be listed at a command prompt by "net user /domain", but how can only locked out accounts be listed or otherwise determined? Is there a way perhaps in Active Directory?

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by SMassey In reply to How to List Locked Out Ac ...

I use the free tool unlock from joeware.net, it works great.
http://www.joeware.net/win/free/tools/unlock.htm

Collapse -

by paul_almon In reply to

Works great! Thanks.

Collapse -

by paul_almon In reply to How to List Locked Out Ac ...

This question was closed by the author

Collapse -

Account Lockout Examiner

by ITsteve13 In reply to How to List Locked Out Ac ...

Good question Paul,
There are several tools that can be used to simpilfy this process and we developed a pretty good solution--NetWrix Account Lockout Examiner (http://netwrix.com/account_lockout_examiner.html). The NetWrix Account Lockout Examiner is cost-effective, easy to use and efficient.
The Account Lockout Examiner shows all locked account in one single view so you can unlock and troubleshoot your accounts quickly. Managing account lockouts can be an extremely time-consuming task, but with the NetWrix Account Lockout Examiner, IT operators personnel are can notified of all account lockouts via real-time alerts. The NetWrix Lockout Examiner then troubleshoots the issue to identify the problem, helping to ensure that it doesn?t happen again in the future, and it proactive resolves the lockout through a web-based console or E-mail that allows users to successfully log in with minimal to zero assistance from the help desk.
Thanks for the question,
Stephen Schimmel, Product Manager, NetWrix Corporation
www.netwrix.com

Collapse -

Use a Query to list locked out accounts

by lstreet In reply to How to List Locked Out Ac ...

You can use the Saved Queries feature of Windows Server 2003 to query Active Directory for any locked-out accounts. Just open the Active Directory Users and Computers console, right-click on Saved Queries in the console tree and select New --> Query. Type a name and description for the query, specify a query root (where in your namespace your query begins searching), and click the Define Query button. Since there's no default option for finding locked-out accounts in the Common Queries box, select Custom Search instead to open the Find Custom Search box. Then select the Advanced tab and enter the following LDAP string in the Enter LDAP Query textbox:

(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))

Click OK twice to create and run the saved query.

Back to Windows Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums