How to unlock Active Directory domain accounts?

The following is a comparison between unlocking Active Directory domain accounts with Windows PowerShell and ADSelfService Plus:

Unlock Active Directory user one by one
Executing this code will unlock a single user by their samAccountName.
```
Unlock-ADAccount -Identity samAccountName
```
Copied
Unlock all AD users in a domain
Executing this code will unlock all AD users in the domain.
```
Search-ADAccount -Lockedout | Unlock-AdAccount
```
Copied

Unlock users by OU and group membership.

No support offered.

For users: Self-service account unlock, i.e., account unlock without admin intervention
- Go to ADSelfService Plus admin portal.
- Navigate to Configuration > Self-Service > Policy Configuration.
- Select Account Unlock.
- Click Select OUs/Groups to granular select which set of users need to be empowered with self-service account unlock feature.
- Click Save.
For admins: Unlock all users in a domain
- Go to ADSelfService Plus admin portal.
- Navigate to Configuration > Self-Service > Policy Configuration > Advanced.
- Enable Automatically unlocks locked-down accounts in your domain.
- Click Save.

What are the limitations of Windows PowerShell to unlock accounts?

No support for end-users to unlock their locked out accounts on their own from their Windows login screen or their mobile phones.
It doesn't allow admins to unlock user accounts based on OU and group memberships.
Creating multiple automatic account unlock schedulers for different set of users is a highly laborious process. Also, there's always a possibility of admin privilege exploitation if not maintained properly.

Cost savings
Reduces IT expense by eliminating the number one source of help desk tickets.
Improves IT security
Offers advanced multi-factor authentication techniques like biometrics and YubiKey for password self-service.
Universal enforcement
Admins can enforce self-service account unlock for both Active Directory and cloud applications.
Improves the user experience
Eliminates wait time as it allows users to unlock accounts from multiple access points.

Empower users to unlock their Active Directory and cloud accounts

Embark on your script-free AD Self-service password management with ADSelfService Plus.
32 bit

64 bit
By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.

Your download should begin automatically in 15 seconds. If not, click here to download manually.

Your download should begin automatically in 15 seconds. If not, click here to download manually.