Description
In this article, I am going to write VBScript code to unlock an Active Directory user account by asking the user for the account name, and VBScript code to unlock all the currently locked-out AD users in the entire domain and in a specific OU.
Summary
- Unlock Active Directory User Account in VBScript
- Unlock all the Locked Out AD User Accounts in VBScript
- Unlock Locked Out AD Users From Specific OU in VBScript
VBScript to Unlock AD User Account
1. Copy the below example vbscript code and paste it in notepad or in vbscript editor.
2. Save the file with a .vbs extension, for example: UnlockADUser.vbs
3. Double-click the vbscript file (or Run this file from command window) to unlock active directory user.
4. Enter the user name to Unlock and click OK to proceed.
Click to get vbscript source code as file Download UnlockADUser.vbs
' UnlockADUser.vbs
' Sample VBScript to unlock an Active Directory user.
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'
Option Explicit
Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes
Dim objRootDSE, varDNSDomain, strQuery, adoRecordset
Dim strUserName, objUser
' Ask for the user name to unlock; repeat until something is entered.
Do
    strUserName = InputBox("Please enter user name")
    If strUserName = "" Then
        WScript.Echo "No user name entered"
    End If
Loop Until strUserName <> ""
' Set up ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Search the entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"
' Filter on user objects whose samaccountname or name matches the input.
' Note: strUserName is inserted exactly as typed; LDAP filter characters are not escaped.
varFilter = "(&(objectCategory=person)(objectClass=user)(|(samaccountname=" & strUserName & ")(name=" & strUserName & ")))"
' Comma-delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"
' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Only the first matching record is processed.
If Not adoRecordset.EOF Then
    Set objUser = GetObject("LDAP://" & adoRecordset.Fields("distinguishedname").Value)
    If objUser.IsAccountLocked = 0 Then
        WScript.Echo "The User '" & strUserName & "' was already Unlocked."
    Else
        objUser.IsAccountLocked = 0
        objUser.SetInfo
        WScript.Echo "The user '" & strUserName & "' has been Unlocked successfully."
    End If
Else
    WScript.Echo "No user found with the name '" & strUserName & "'"
End If
' Close ADO connections.
adoRecordset.Close
adoConnection.Close
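UnlockADUser.vbs places the InputBox value directly into the LDAP filter, so characters such as * ( ) and \ change what the filter matches and the script can unlock an account other than the one intended. The following is an added example, not part of the original article: it escapes the value per RFC 4515 before building the same filter. EscapeLdapFilterValue and BuildUserFilter are hypothetical helper names, and the sample inputs are constructed.

```vbscript
Option Explicit

' Added example: RFC 4515 escaping for a value placed inside an LDAP filter.
' EscapeLdapFilterValue and BuildUserFilter are hypothetical helper names.
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    ' The backslash is replaced first so the escapes added below are not doubled.
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")
    ' ";" separates the fields of the ADO LDAP query string; a hex escape is valid in a filter.
    strOut = Replace(strOut, ";", "\3b")
    EscapeLdapFilterValue = strOut
End Function

' Builds the same filter as UnlockADUser.vbs, with the user input escaped.
Function BuildUserFilter(strUserName)
    Dim strSafe
    strSafe = EscapeLdapFilterValue(strUserName)
    BuildUserFilter = "(&(objectCategory=person)(objectClass=user)" & _
        "(|(samaccountname=" & strSafe & ")(name=" & strSafe & ")))"
End Function

' Constructed sample inputs: a plain name, a wildcard, a value that tries to
' close the filter early, and a display name that legitimately contains parentheses.
Dim arrSamples, strSample
arrSamples = Array("jsmith", "*", "x)(objectClass=*", "Smith (Contractor)")
For Each strSample In arrSamples
    WScript.Echo strSample & vbTab & "=> " & BuildUserFilter(strSample)
Next
```

In UnlockADUser.vbs, assigning varFilter = BuildUserFilter(strUserName) in place of the concatenated filter applies the escaping.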
VBScript to Unlock all the Locked Out User Accounts in Active Directory
1. Copy the below example vbscript code and paste it in notepad or in vbscript editor.
2. Save the file with a .vbs extension, for example: UnLockAllADUsers.vbs
3. Double-click the VBScript file (or Run this file from command window) to Unlock all the Locked Out AD users.
Note: Uncomment the line below in the VBScript file if you want to see the name of each user that is getting unlocked
' WScript.Echo "The user '" & adoRecordset.Fields("samaccountname").value & "' Unlocked."
and run the script from a command prompt: C:\> CScript C:\Scripts\UnLockAllADUsers.vbs
Click to get vbscript source code as a file Download UnLockAllADUsers.vbs
' UnLockAllADUsers.vbs
' Sample VBScript to find and unlock all the currently locked-out AD users.
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'
Option Explicit
' Initialize required variables.
Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes, objUser
Dim objRootDSE, varDNSDomain, strQuery, adoRecordset
Dim count_unlockedUsers
count_unlockedUsers = 0
' Set up ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Search the entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"
' varBaseDN is the domain DN; you can give your own OU DN instead of reading "defaultNamingContext",
' like varBaseDN = "<LDAP://OU=TestOU,DC=Domain,DC=com>"
' Filter to list locked-out user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(SAMAccountType=805306368)(LockoutTime>=1))"
' Comma-delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"
' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    Set objUser = GetObject("LDAP://" & adoRecordset.Fields("distinguishedname").Value)
    If objUser.IsAccountLocked <> 0 Then
        objUser.IsAccountLocked = 0
        objUser.SetInfo
        count_unlockedUsers = count_unlockedUsers + 1
        ' Uncomment the line below if you want to see the name of each user that is getting unlocked,
        ' and run the script from a command prompt: C:\> CScript C:\Scripts\UnLockAllADUsers.vbs
        ' WScript.Echo "The user '" & adoRecordset.Fields("samaccountname").Value & "' Unlocked."
    End If
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
If count_unlockedUsers = 0 Then
    WScript.Echo "No Locked Out AD User Accounts found."
Else
    WScript.Echo "Active Directory User Account(s) Unlocked successfully" & vbCrLf _
        & "No Of Users: " & count_unlockedUsers
End If
' Close ADO connections.
adoRecordset.Close
adoConnection.Close
VBScript to Unlock AD User Account From Specific OU
1. Copy the below example vbscript code and paste it in notepad or a vbscript editor.
2. Change the value of 'varBaseDN' to your own OU's DN.
3. Save the file with a .vbs extension, for example: UnLockADUsersFromOU.vbs
4. Double-click the vbscript file (or Run this file from command window) to unlock locked out AD users From Specific OU.
Click to get vbscript source code as a file Download UnLockADUsersFromOU.vbs
' UnLockADUsersFromOU.vbs
' Sample VBScript to find and unlock all the locked-out AD users from a specific OU.
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'
Option Explicit
' Initialize required variables.
Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes, objUser
Dim objRootDSE, strQuery, adoRecordset
Dim count_unlockedUsers
count_unlockedUsers = 0
' Set up ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Bind to RootDSE (not used below; the search base is the OU set in varBaseDN).
Set objRootDSE = GetObject("LDAP://RootDSE")
' varBaseDN is the OU DN for the AD search scope; give your own OU's distinguished name here.
varBaseDN = "<LDAP://OU=FTP,DC=work2008,DC=Local>"
' Filter to list locked-out user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(SAMAccountType=805306368)(LockoutTime>=1))"
' Comma-delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"
' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    Set objUser = GetObject("LDAP://" & adoRecordset.Fields("distinguishedname").Value)
    If objUser.IsAccountLocked <> 0 Then
        objUser.IsAccountLocked = 0
        objUser.SetInfo
        count_unlockedUsers = count_unlockedUsers + 1
        ' Uncomment the line below if you want to see the name of each user that is getting unlocked,
        ' and run the script from a command prompt: C:\> CScript C:\Scripts\UnLockADUsersFromOU.vbs
        ' WScript.Echo "The user '" & adoRecordset.Fields("samaccountname").Value & "' Unlocked."
    End If
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
If count_unlockedUsers = 0 Then
    WScript.Echo "No Locked Out AD User Accounts found."
Else
    WScript.Echo "Active Directory User Account(s) Unlocked successfully" & vbCrLf _
        & "No Of Users: " & count_unlockedUsers
End If
' Close ADO connections.
adoRecordset.Close
adoConnection.Close
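The two bulk scripts above clear the lockout state without recording it. The following report-only pass runs the same query and lists each matched account with its lockoutTime, so there is a record of which accounts were locked and when before they are unlocked. It is an added example, not part of the original article; Integer8ToDateUtc is a hypothetical helper name, and the script modifies nothing in the directory.

```vbscript
Option Explicit
' Added example: report-only pass, nothing in the directory is modified.
Dim adoConnection, adoCommand, adoRecordset, objRootDSE
Dim strBaseDN, strFilter, strAttributes, intCount

' Convert an Integer8 attribute (IADsLargeInteger) to a UTC date.
' Integer8ToDateUtc is a hypothetical helper name.
Function Integer8ToDateUtc(objLargeInt)
    Dim lngHigh, lngLow
    lngHigh = objLargeInt.HighPart
    lngLow = objLargeInt.LowPart
    ' LowPart is read as a signed 32-bit value; compensate when it is negative.
    If lngLow < 0 Then lngHigh = lngHigh + 1
    ' 100-nanosecond ticks since 1601-01-01 -> minutes -> days.
    Integer8ToDateUtc = #1/1/1601# + (((lngHigh * (2 ^ 32)) + lngLow) / 600000000) / 1440
End Function

Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
' Same base and filter as UnLockAllADUsers.vbs; substitute an OU DN to narrow the scope.
strBaseDN = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
strFilter = "(&(objectCategory=person)(objectClass=user)(SAMAccountType=805306368)(LockoutTime>=1))"
strAttributes = "samaccountname,lockouttime,distinguishedname"
adoCommand.CommandText = strBaseDN & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute
intCount = 0
WScript.Echo "samaccountname" & vbTab & "lockoutTime (UTC)" & vbTab & "distinguishedname"
Do Until adoRecordset.EOF
    WScript.Echo adoRecordset.Fields("samaccountname").Value & vbTab & _
        Integer8ToDateUtc(adoRecordset.Fields("lockouttime").Value) & vbTab & _
        adoRecordset.Fields("distinguishedname").Value
    intCount = intCount + 1
    adoRecordset.MoveNext
Loop
WScript.Echo intCount & " account(s) matched the lockout filter."
adoRecordset.Close
adoConnection.Close
```

Run it with CScript and redirect the output to a file so each record goes to the console rather than a message box.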


Thanks for sharing nice post, it describes how to unlock active directory user account. I found good information from http://www.selfservicepasswordreset.org which enables to unlock accounts from any remote computer and provides option to end users to perform update of their accounts without any help.
Hi Morgan, great work you have done ! Can you also add more than 1x username in strUserName= "[user-name]" ?
Hi Morgan,
I have tried the same, but it shows the same error only. I am trying from my Windows 7 64-bit operating system.
Hi Morgan,
Thank you so much. It's working fine.
Thanks for your update Mohan.