General discussion

  • Creator
  • #2257280

    How to List Locked Out Accounts


    by paul_almon ·

    Does anyone know of a way to list locked out domain accounts without going through each individual one? All accounts can be listed at a command prompt by “net user /domain”, but how can only locked out accounts be listed or otherwise determined? Is there a way perhaps in Active Directory?

All Comments

  • Author
    • #3231956

      Reply To: How to List Locked Out Accounts

      by smassey ·

      In reply to How to List Locked Out Accounts

      I use the free tool unlock from, it works great.

    • #3231951

      Reply To: How to List Locked Out Accounts

      by paul_almon ·

      In reply to How to List Locked Out Accounts

      This question was closed by the author

    • #2817056

      Account Lockout Examiner

      by itsteve13 ·

      In reply to How to List Locked Out Accounts

      Good question Paul,
      There are several tools that can be used to simpilfy this process and we developed a pretty good solution–NetWrix Account Lockout Examiner ( The NetWrix Account Lockout Examiner is cost-effective, easy to use and efficient.
      The Account Lockout Examiner shows all locked account in one single view so you can unlock and troubleshoot your accounts quickly. Managing account lockouts can be an extremely time-consuming task, but with the NetWrix Account Lockout Examiner, IT operators personnel are can notified of all account lockouts via real-time alerts. The NetWrix Lockout Examiner then troubleshoots the issue to identify the problem, helping to ensure that it doesn?t happen again in the future, and it proactive resolves the lockout through a web-based console or E-mail that allows users to successfully log in with minimal to zero assistance from the help desk.
      Thanks for the question,
      Stephen Schimmel, Product Manager, NetWrix Corporation

    • #2831433

      Use a Query to list locked out accounts

      by lstreet ·

      In reply to How to List Locked Out Accounts

      You can use the Saved Queries feature of Windows Server 2003 to query Active Directory for any locked-out accounts. Just open the Active Directory Users and Computers console, right-click on Saved Queries in the console tree and select New –> Query. Type a name and description for the query, specify a query root (where in your namespace your query begins searching), and click the Define Query button. Since there’s no default option for finding locked-out accounts in the Common Queries box, select Custom Search instead to open the Find Custom Search box. Then select the Advanced tab and enter the following LDAP string in the Enter LDAP Query textbox:


      Click OK twice to create and run the saved query.

Viewing 3 reply threads