Account management is One of the most prevalent assignments that IT employees take responsibility for. Especially helping users to unlock user account in active directory domains isn’t unfamiliar. This issue stems from trying to sign in with incorrect passwords once too often.
The task is much more important when most users tend to work from home since disease breaks out. Today, we come here to deliver a compact guide to address this issue wisely and quickly, which will help your job to proceed smoothly.
What Are The Reasons For Active Directory Accounts Being Locked Out?
When your account is restricted, it indicates that the Active Directory domain (AD dohas been found a number of times of failed login. The consequence occurs when you try to fill it with the wrong passwords. The number of log-ins exceeded the standard threshold in restricting the account.
https://specopssoft.com/wp-content/uploads/2020/10/Viewing-the-Account-Lockout-Policy.png
In particular, this problem often happens with users who normally forget the “caps lock” key on their keyboard. Then, when they found the correct password already, the system doesn’t allow them to access their account anymore.
A user account lock-out threshold belongs to one of the typical security mechanisms and is built into the Active Directory Account Lockout Policy. The structure is normally applied in business firms for assisting defense accounts in the AD domain.
In most machines, it is typically configured from three to ten times login with an invalid user and password.
What Is The Best Way To Unlock User Account In Active Directory Domain
After the user account has expired, user accounts are usually unlocked when applying in either of two below ways:
- Using PowerShell to unlock the account.
- A user account is unlocked in ADUC (Active Directory Users and Computers -ADUC) snap-in manually.
Using PowerShell
The first method to unclog your user account in the active directory, you might consider utilizing PowerShell CLI.
Utilizing PowerShell, you will find more easily than most other methods to unlock an account locked in the Active Directory.
In order to conduct the way, you should set up the module of Active Directory for Windows PowerShell. You need to apply two below cmdlets to find user accounts that are locked:
- Import – module Active Directory
- Search – ADAccount-locked out
– On Windows Server, you need to set up the module of Active Directory for Windows PowerShell by using the command:
Add-WindowsFeature RSAT-AD-Powershell
-Allow your session to get the RSAT-AD-Powershell module:
Import – module Active Directory
-Check it out one more time to see whether the user account is indeed registered or not. In order to undertake this step, activate the below PowerShell one-liner
Get-ADUser- Identity bjackson- Properties LockedOut| Select – Object samaccountName, Lockedout|ft -AutoSize
-You can find the lock time by viewing the properties of the lock-out time user
Get-ADUser D.McAllister – Properties Name, lockoutTime|
Select-ObjectName,@{n=’lockoutTime’;e={[DateTime]::FromFileTime($_.lockoutTime)}}
-Use the below cmdlet to unlock a locked-out user account
Unlock – ADAccount bjackson– Confirm
-Tap Y to bear record to unlock your restricted account, next press Enter.
-In addition, you should apply the below syntax:
Get-ADUser -Identity bjackson | Unlock-ADAccount
https://theitbros.com/wp-content/uploads/2019/09/word-image-213-768×79.png
-Take a look at whether the account is unlocked now or not (locked out= True):
Get-ADUser-Identity bjackson-Properties LockedOut|Select-Object samaccountName,Lockedout
-Well, the user account is indeed unlocked. From now on, you can use your account to log in to the server or domain computer.
Furthermore, you have permission to find all locked-out accounts in the active directory domain by using the below PowerShell command.
Search-ADAccount-lockedout|Select-ObjectSamAccountName,LastLogonDate, Lockedout
Then, apply this command to unlock all restricted user accounts found:
Search-ADAccount -Lockedout | Unlock-AdAccount -Confirm
Using ADUC
The second way in order to unlock an account, you can head to the ADUC and look for the object in this snap-in. Then open the properties of it, and transfer them to the Account tab. Now find the “Unlock account. This account is currently locked out on this Active Directory Domain Controller” option and taps on the “OK” button.
https://specopssoft.com/wp-content/uploads/2020/10/Unlock-a-locked-user-account-in-Active-Directory-Users-and-Computers.png
In fact, most experienced IT staff tend to choose Window PowerShell to tackle the issue instead of using the other. They find it much clearer to correct the mistakes than to choose the other way.
Final Thoughts
If we have succeeded in keeping your company until these bottom lines, we bet you are clear on how to unlock user account in active directory domain.
There are two key ways to unclog the issue for your device. Choosing the method that is more appropriate for you for the unlocking process happens favorably for you. In our view, we suppose using Windows PowerShell to address the issue isn’t as cumbersome as the other, thanks to its simple command and procedure.
Leave a Reply