Powershell command to list all locked out AD users:
Search-ADAccount –LockedOut
Summary
- Find all locked out AD user accounts
- Find locked out accounts from specific OU
- Export locked out AD users to CSV file
- Unlock all locked out AD users
Find all locked out AD user accounts
The following command find all the locked out users by passing the parameter LockedOut into the Powershell cmdlet Search-ADAccount and list the selected properties of all locked-out users.
Import-Module ActiveDirectory Search-ADAccount –LockedOut | Select -Property Name,DistinguishedName
Find locked out accounts from specific OU
We can set target OU scope by using the parameter SearchBase in Search-ADAccount cmdlet. The following command select and list all the Locked-Out Active Directory users from the Organization Unit ‘TestOU‘.
Import-Module ActiveDirectory Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –LockedOut | Select -Property Name,DistinguishedName
Export locked out AD users to CSV file
We can export powershell output into CSV file by using Export-CSV cmdlet. The following command export selected properties of all locked out Active Directory user accounts to CSV file.
Import-Module ActiveDirectory Search-ADAccount –LockedOut | Select -Property Name,DistinguishedName | Export-CSV "C:\LockedOutADUsers.csv" -NoTypeInformation -Encoding UTF8
CSV Output of Locked-Out AD User Accounts:
Unlock all locked out AD users
You can unlock the locked-out Active Directory user account by using Powershell cmdlet Unlock-ADAccount. The following command find all the locked-out AD user accounts using Search-ADAccount cmdlet and unlock accounts by using Unlock-ADAccount cmdlet.
Import-Module ActiveDirectory Search-ADAccount –LockedOut | Unlock-ADAccount
Use the below command, if you want to unlock users only from specific OU.
Import-Module ActiveDirectory Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –LockedOut | Unlock-ADAccount