Description
In this article, I am going to write VBScript code to unlock an Active Directory user account by asking the user for the account name, and VBScript code to unlock all the currently locked-out AD users in the entire domain or in a specific OU.
Summary
- Unlock Active Directory User Account in VBScript
- Unlock all the Locked Out AD User Accounts in VBScript
- Unlock Locked Out AD Users From Specific OU in VBScript
VBScript to Unlock AD User Account
1. Copy the below example vbscript code and paste it in notepad or in vbscript editor.
2. Save the file with a .vbs extension, for example: UnlockADUser.vbs
3. Double-click the vbscript file (or Run this file from command window) to unlock active directory user.
4. Enter the user name to Unlock and click OK to proceed.
```vbscript
' UnlockADUser.vbs
' Sample VBScript to Unlock Active Directory user.
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'

Option Explicit

Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes
Dim objRootDSE, varDNSDomain, strQuery, adoRecordset
Dim strUserName, objUser

' Asks username from user to Unlock.
Do
    strUserName = InputBox("Please enter user name")
    If strUserName = "" Then
        WScript.Echo "No user name entered"
    End If
Loop Until strUserName <> ""

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"

' Filter on user objects.
' Note: strUserName is inserted exactly as typed; LDAP filter metacharacters
' such as * ( ) \ are not escaped, so an input like * matches any user.
varFilter = "(&(objectCategory=person)(objectClass=user)(|(samaccountname=" & strUserName & ")(name=" & strUserName & ")))"

' Comma delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False

' Run the query. Only the first matching record is used.
Set adoRecordset = adoCommand.Execute

If (adoRecordset.EOF <> True) Then
    Set objUser = GetObject("LDAP://" & adoRecordset.Fields("distinguishedname").Value)
    If objUser.IsAccountLocked = 0 Then
        WScript.Echo "The User '" & strUserName & "' was already Unlocked."
    Else
        objUser.IsAccountLocked = 0
        objUser.SetInfo
        WScript.Echo "The user '" & strUserName & "' has been Unlocked successfully."
    End If
Else
    WScript.Echo "No user found with the name '" & strUserName & "'"
End If

' close ado connections.
adoRecordset.Close
adoConnection.Close
```
VBScript to Unlock all the Locked Out User Accounts in Active Directory
1. Copy the below example vbscript code and paste it in notepad or in vbscript editor.
2. Save the file with a .vbs extension, for example: UnLockAllADUsers.vbs
3. Double-click the VBScript file (or Run this file from command window) to Unlock all the Locked Out AD users.
Note: If you want to see the name of each user being unlocked, uncomment the line below in the VBScript file
' WScript.Echo "The user '" & adoRecordset.Fields("samaccountname").value & "' Unlocked."
and run the script from a command prompt: C:\> CScript C:\Scripts\UnLockAllADUsers.vbs
```vbscript
' UnLockAllADUsers.vbs
' Sample VBScript to Find and Unlock all the Currently Locked Out AD users.
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'

Option Explicit

' Initialize required variables.
Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes, objUser
Dim objRootDSE, varDNSDomain, strQuery, adoRecordset
Dim count_unlockedUsers

count_unlockedUsers = 0

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
varDNSDomain = objRootDSE.Get("defaultNamingContext")
varBaseDN = "<LDAP://" & varDNSDomain & ">"

' varBaseDN is Domain DN, you can give your own OU DN instead of getting from "defaultNamingContext"
' like varBaseDN = "<LDAP://OU=TestOU,DC=Domain,DC=com>"

' Filter to list locked out user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(SAMAccountType=805306368)(LockoutTime>=1))"

' Comma delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    Set objUser = GetObject("LDAP://" & adoRecordset.Fields("distinguishedname").Value)
    If objUser.IsAccountLocked <> 0 Then
        objUser.IsAccountLocked = 0
        objUser.SetInfo
        count_unlockedUsers = count_unlockedUsers + 1
        ' Just uncomment the below line if you want to see the user name who are getting unlocked
        ' and Run script from Command prompt: C:\> CScript C:\Scripts\UnLockAllADUsers.vbs
        ' WScript.Echo "The user '" & adoRecordset.Fields("samaccountname").Value & "' Unlocked."
    End If
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

If count_unlockedUsers = 0 Then
    WScript.Echo "No Locked Out AD User Accounts found."
Else
    WScript.Echo "Active Directory User Account(s) Unlocked successfully" & vbCrLf _
        & "No Of Users: " & count_unlockedUsers
End If

' close ado connections.
adoRecordset.Close
adoConnection.Close
```
VBScript to Unlock AD User Accounts From Specific OU
1. Copy the below example vbscript code and paste it in notepad or a vbscript editor.
2. Change the value of ‘varBaseDN’ to your own OU’s DN.
3. Save the file with a .vbs extension, for example: UnLockADUsersFromOU.vbs
4. Double-click the vbscript file (or Run this file from command window) to unlock locked out AD users From Specific OU.
```vbscript
' UnLockADUsersFromOU.vbs
' Sample VBScript to Find and Unlock all the Locked Out AD users From specific OU.
' Author: https://www.morgantechspace.com/
' ------------------------------------------------------'

Option Explicit

' Initialize required variables.
Dim adoCommand, adoConnection
Dim varBaseDN, varFilter, varAttributes, objUser
Dim strQuery, adoRecordset
Dim count_unlockedUsers

count_unlockedUsers = 0

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search only the given OU (and its sub-OUs, because the scope is subtree).
' varBaseDN is the OU DN for AD Search Scope, you can give your own OU's Distinguished Name here.
varBaseDN = "<LDAP://OU=FTP,DC=work2008,DC=Local>"

' Filter to list locked out user objects.
varFilter = "(&(objectCategory=person)(objectClass=user)(SAMAccountType=805306368)(LockoutTime>=1))"

' Comma delimited list of attribute values to retrieve.
varAttributes = "samaccountname,distinguishedname"

' Construct the LDAP syntax query.
strQuery = varBaseDN & ";" & varFilter & ";" & varAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 1000
adoCommand.Properties("Timeout") = 20
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    Set objUser = GetObject("LDAP://" & adoRecordset.Fields("distinguishedname").Value)
    If objUser.IsAccountLocked <> 0 Then
        objUser.IsAccountLocked = 0
        objUser.SetInfo
        count_unlockedUsers = count_unlockedUsers + 1
        ' Just uncomment the below line if you want to see the user name who are getting unlocked
        ' and Run script from Command prompt: C:\> CScript C:\Scripts\UnLockADUsersFromOU.vbs
        ' WScript.Echo "The user '" & adoRecordset.Fields("samaccountname").Value & "' Unlocked."
    End If
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

If count_unlockedUsers = 0 Then
    WScript.Echo "No Locked Out AD User Accounts found."
Else
    WScript.Echo "Active Directory User Account(s) Unlocked successfully" & vbCrLf _
        & "No Of Users: " & count_unlockedUsers
End If

' close ado connections.
adoRecordset.Close
adoConnection.Close
```
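A report-first variant of the two bulk-unlock scripts above, added here as an example (not the original author's code): it prints each locked-out account with its lockout time so the lockouts can be reviewed and kept on record before anything is unlocked. The constant `blnReportOnly` and the helper `Integer8ToUtcDate` are names introduced for this example.

```vbscript
Option Explicit

' Assumption for this example: True only lists accounts, False also unlocks them.
Const blnReportOnly = True

Dim adoCommand, adoConnection, adoRecordset, objRootDSE, objUser, intCount

' Convert an Integer8 (IADsLargeInteger) value, counted in 100-nanosecond
' ticks since 1601-01-01 UTC, to a VBScript date in UTC.
Function Integer8ToUtcDate(objLargeInt)
    Dim lngHigh, lngLow
    lngHigh = objLargeInt.HighPart
    lngLow = objLargeInt.LowPart
    ' LowPart is read as a signed 32-bit value; carry into HighPart if negative.
    If lngLow < 0 Then lngHigh = lngHigh + 1
    Integer8ToUtcDate = #1/1/1601# + (lngHigh * (2 ^ 32) + lngLow) / 600000000 / 1440
End Function

' Same ADO setup and domain-wide search base as the scripts above.
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
adoCommand.CommandText = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(lockoutTime>=1));" & _
    "samaccountname,distinguishedname,lockoutTime;subtree"
adoCommand.Properties("Page Size") = 1000
Set adoRecordset = adoCommand.Execute

intCount = 0
Do Until adoRecordset.EOF
    Set objUser = GetObject("LDAP://" & adoRecordset.Fields("distinguishedname").Value)
    If objUser.IsAccountLocked Then
        intCount = intCount + 1
        ' One tab-separated line per account: UTC lockout time, account name, DN.
        WScript.Echo Integer8ToUtcDate(adoRecordset.Fields("lockoutTime").Value) & vbTab & _
            adoRecordset.Fields("samaccountname").Value & vbTab & _
            adoRecordset.Fields("distinguishedname").Value
        If Not blnReportOnly Then
            objUser.IsAccountLocked = False
            objUser.SetInfo
        End If
    End If
    adoRecordset.MoveNext
Loop
WScript.Echo intCount & " locked-out account(s) listed."
adoRecordset.Close
adoConnection.Close
```

Run it with CScript and redirect the output to a file so the list is kept; many accounts locked within the same few minutes is worth investigating before `blnReportOnly` is set to False.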
Thanks for sharing nice post, it describes how to unlock active directory user account. I found good information from http://www.selfservicepasswordreset.org which enables to unlock accounts from any remote computer and provides option to end users to perform update of their accounts without any help.
Hi Morgan, great work you have done! Can you also add more than 1x username in strUserName= "[user-name]" ?
Hi Morgan,
I have tried the same, but it shows the same error only. I am trying from my Windows 7 64-bit operating system.
Hi Morgan,
Thank you so much. It's working fine.
Thanks for your update, Mohan.