
PowerShell Unlock AD Account (Active Directory)

The Unlock-ADAccount cmdlet unlocks an Active Directory account. To unlock an AD account, use the Identity parameter, which specifies the account by its distinguished name, GUID, SAMAccountName, or security identifier (SID).

Active Directory Domain Services (AD DS) manages user and computer accounts. AD DS stores information about user accounts such as name, password, and so on.

When a user enters an incorrect password more times than the account password policy allows, AD DS locks the account.

The Unlock-ADAccount cmdlet in PowerShell unlocks the account and restores AD DS access for it.

In this article, I will explain how to use the Unlock-ADAccount PowerShell cmdlet to unlock an AD account, with examples.

Unlock-AdAccount Syntax

The Unlock-ADAccount cmdlet unlocks an Active Directory user account.

Syntax:

Unlock-ADAccount
      [-WhatIf]
      [-Confirm]
      [-AuthType <ADAuthType>]
      [-Credential <PSCredential>]
      [-Identity] <ADAccount>
      [-Partition <String>]
      [-PassThru]
      [-Server <String>]
      [<CommonParameters>]

Parameters:

-AuthType – Specifies the authentication method to use, either Basic or Negotiate. Negotiate is the default.

-Confirm – Prompts you for confirmation before running the command.

-Credential – Specifies the user account credentials to use for the unlock operation. The default is the credentials of the currently logged-on user.

-Identity – Specifies an Active Directory account by its distinguished name, SAMAccountName, GUID, or security identifier.

Unlock AD Account by SamAccountName

To unlock the AD account of an Active Directory user by SamAccountName, use the PowerShell Unlock-ADAccount cmdlet as follows:

Unlock-ADAccount -Identity AronS

In the above PowerShell script, the Unlock-ADAccount cmdlet uses the Identity parameter to select the AD user account to unlock.

It unlocks a single AD user account identified by its SamAccountName, AronS.

Unlock AD Account by Distinguished Name in PowerShell

To unlock an AD account by the user's distinguished name, run the PowerShell script below:

Unlock-ADAccount -Identity "CN=Aron Seth,OU=HR,DC=SHELLPRO,DC=LOCAL"

In the above example, Unlock-ADAccount unlocks the AD account identified by its distinguished name.

Conclusion

I hope the above article on unlocking an AD account using the Unlock-ADAccount cmdlet in Active Directory is helpful.

You can use the Search-ADAccount cmdlet to find locked accounts in Active Directory and pipe the results to the Unlock-ADAccount cmdlet to unlock all retrieved AD user accounts.
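The bulk unlock described above, as an added example that is not part of the original article: because unlocking clears the lockout state, the script first saves each account's lockout details (many simultaneous lockouts can indicate password guessing), then does a dry run before the confirmed unlock. The search base reuses the OU from the article's distinguished name example, and the report path is a hypothetical value.

```powershell
#Requires -Modules ActiveDirectory

# Assumed values: the OU comes from the article's DN example, the report path is hypothetical.
$SearchBase = 'OU=HR,DC=SHELLPRO,DC=LOCAL'
$ReportPath = Join-Path $env:TEMP 'locked-accounts.csv'

# 1. Find locked-out user accounts (not computers) under the OU.
$locked = @(Search-ADAccount -LockedOut -UsersOnly -SearchBase $SearchBase)

if ($locked.Count -eq 0) {
    Write-Output "No locked-out user accounts under $SearchBase."
}
else {
    # 2. Record the lockout evidence before it is cleared by the unlock.
    $details = $locked | ForEach-Object {
        Get-ADUser -Identity $_.DistinguishedName `
            -Properties AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt
    } | Select-Object SamAccountName, DistinguishedName,
                      AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt

    $details | Export-Csv -Path $ReportPath -NoTypeInformation
    $details | Format-Table -AutoSize | Out-Host
    Write-Output "Lockout details saved to $ReportPath"

    # 3. Dry run: show which accounts would be unlocked without changing them.
    $locked | Unlock-ADAccount -WhatIf

    # 4. Unlock with a per-account confirmation prompt; -PassThru returns
    #    the accounts that were actually processed so they can be listed.
    $unlocked = $locked | Unlock-ADAccount -Confirm -PassThru
    $unlocked | Select-Object SamAccountName, DistinguishedName
}
```

Run it from a session that has the ActiveDirectory module and permission to unlock accounts in the target OU.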

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.