Pricing  Get Quote
 
 

Automatic Active Directory account unlock with PowerShell

The PowerShell script given below can be used to automatically unlock the Active Directory user accounts that have been locked out in an organization. ADSelfService Plus also offers an option which, when enabled, runs a scheduler at regular intervals to search for locked user accounts and automatically unlocks them. Here is a comparison between the automatic account unlock using PowerShell and ADSelfService Plus:

PowerShell

Run this PowerShell script to unlock all the locked accounts in the organization:
Search-ADAccount -Lockedout | Unlock-AdAccount
 Copied

ADSelfService Plus

In ADSelfService Plus:
  • Go to Configuration > Policy Configuration.
  • Create a new policy.
  • Once the information required to create the policy is provided, click on Advanced, navigate to the Automation tab and select the Automatically unlocks locked-down accounts in your domain checkbox.
  • Specify the Frequency at which the scheduler should be run.Click OK and in the Policy Configuration section, click Save.
Automatic Active Directory account unlock with PowerShell
Advantages of ADSelfService Plus
  • Quick configuration:

    With ADSelfService Plus, account unlock can be enabled by entering minimal information. The above PowerShell script can unlock all locked user accounts at once, but running a scheduler that finds and unlocks locked out user accounts needs creating extremely extensive scripts.

  • Secure management of data:

    In ADSelfService Plus, sensitive information like the user's credentials are not stored anywhere, unlike the above PowerShell script which requires storing the user's credentials in the script.

  • Choose users' whose accounts can be automatically unlocked:

    In ADSelfService Plus administrators can specify the users belonging to specific domain, OUs, and groups whose users to have their accounts automatically unlocked upon getting locked out. Using PowerShell to automate account unlocks for specific users will require creating and managing an extensive script.

  • Automatically synchronize any changes to the user account with all domain controllers:

    Once the user has been unlocked with ADSelfService Plus, the user's account status is automatically synchronized with all the domain controllers in the AD domain.

  • Synchronize unlocks with integrated enterprise applications:

    When users unlock their user accounts using ADSelfService Plus, their locked user accounts in enterprise applications integrated for password synchronization are automatically unlocked as well.

  • Audit password reset and other actions:

    With ADSelfService Plus, the automatic account unlocks, the self-service actions, enrollment, and identity verification are audited and can be accessed in the form of reports that can be generated with just a few clicks.

  • Notify the admin:

    Administrators can be notified through mail and SMS about the users password resets and other actions like account unlock, password change, and enrollment using ADSelfService Plus.

Automatically unlock Active Directory users' accounts

  Get 30-day free trial.
  • Embark on your script-free AD Self-service password management with ADSelfService Plus.
  •  
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thank you for downloading!

    Your download should begin automatically in 15 seconds. If not, click here to download manually.

    Thank you for downloading!

    Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Resources

ADSelfService Plus trusted by

A single pane of glass for complete self service password management
Email Download Link