Monday, 12 January 2015

Find Locked Out AD User Accounts using PowerShell

We can find all locked-out AD users with the PowerShell cmdlet Search-ADAccount. In this article, I am going to write PowerShell script samples to list all locked-out AD accounts, export the locked-out accounts to a CSV file, and unlock all the locked-out users.

PowerShell command to list all locked-out AD users:
Search-ADAccount -LockedOut

Find all locked out AD user accounts

The following command finds all locked-out users by passing the LockedOut parameter to the PowerShell cmdlet Search-ADAccount, and lists the selected properties of each locked-out user.
Import-Module ActiveDirectory
Search-ADAccount -LockedOut |
 Select-Object -Property Name,DistinguishedName

Find locked out accounts from specific OU

We can limit the search to a target OU with the SearchBase parameter of the Search-ADAccount cmdlet. The following command selects and lists all the locked-out Active Directory users in the Organizational Unit 'TestOU'.
Import-Module ActiveDirectory
Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" -LockedOut |
 Select-Object -Property Name,DistinguishedName

Export locked out AD users to CSV file

We can export PowerShell output to a CSV file with the Export-CSV cmdlet. The following command exports the selected properties of all locked-out Active Directory user accounts to a CSV file.
Import-Module ActiveDirectory
Search-ADAccount -LockedOut |
 Select-Object -Property Name,DistinguishedName |
 Export-CSV "C:\LockedOutADUsers.csv" -NoTypeInformation -Encoding UTF8

Unlock all locked out AD users

You can unlock a locked-out Active Directory user account with the PowerShell cmdlet Unlock-ADAccount. The following command finds all the locked-out AD user accounts using the Search-ADAccount cmdlet and unlocks them using the Unlock-ADAccount cmdlet.
Import-Module ActiveDirectory
Search-ADAccount -LockedOut | Unlock-ADAccount
Use the command below if you want to unlock users only from a specific OU.
Import-Module ActiveDirectory
Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" -LockedOut |
   Unlock-ADAccount
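
A bulk unlock also clears lockouts that were caused by password guessing, so it helps to look at when the accounts were locked before unlocking them. The script below is an added example, not part of the original article: it records lockout details to a CSV file, stops if many accounts were locked in the same short window, and otherwise unlocks with a prompt per account. The thresholds and the output path are assumptions chosen for illustration.

```powershell
Import-Module ActiveDirectory

# Assumed values for this example; tune them to your own lockout policy.
$WindowMinutes  = 10                          # width of each time bucket
$BurstThreshold = 5                           # lockouts per bucket that block a bulk unlock
$ReviewCsv      = "C:\LockedOutReview.csv"    # hypothetical output path

# Extra attributes to read for each locked-out user.
# BadLogonCount and LastBadPasswordAttempt are not replicated between domain
# controllers, so they reflect only the DC that answers the query.
$props  = 'AccountLockoutTime','BadLogonCount','LastBadPasswordAttempt'
$fields = 'Name','SamAccountName','DistinguishedName' + $props

$locked = Search-ADAccount -LockedOut -UsersOnly | ForEach-Object {
    Get-ADUser -Identity $_.DistinguishedName -Properties $props
} | Select-Object -Property $fields

# Keep a record of the state before anything is changed.
$locked | Export-Csv $ReviewCsv -NoTypeInformation -Encoding UTF8

# Bucket lockouts into fixed time windows. Many different accounts locking in
# the same window is worth investigating before unlocking. Fixed buckets can
# split a burst across a boundary, so treat the result as a coarse signal.
$windowTicks = [TimeSpan]::FromMinutes($WindowMinutes).Ticks
$bursts = $locked | Where-Object AccountLockoutTime |
    Group-Object -Property { [math]::Floor($_.AccountLockoutTime.Ticks / $windowTicks) } |
    Where-Object Count -ge $BurstThreshold

if ($bursts) {
    Write-Warning "Lockout burst detected; review $ReviewCsv before unlocking."
    $bursts | ForEach-Object { $_.Group } |
        Sort-Object AccountLockoutTime |
        Format-Table Name, AccountLockoutTime, LastBadPasswordAttempt
}
else {
    # -Confirm prompts for each account instead of unlocking silently.
    $locked | ForEach-Object {
        Unlock-ADAccount -Identity $_.DistinguishedName -Confirm
    }
}
```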
