Tuesday 7 June 2011

Find locked out domain user accounts

There were a couple of unexplained errors today in this app that is going through testing at the moment, and somebody mentioned that they had been using the same accounts for accessibility testing. There was a massive panic and I was asked to check that none of the accounts were locked out. Since we are talking about over 1000 accounts, I was not prepared to go through them one by one.

I first thought of dsquery, but alas it looks like dsquery won't do, so I then thought of using adsiedit to query the domain and bingo: after a bit of searching about, I found the right query.
(&(objectCategory=person)(objectClass=user)(lockoutTime>=1))
Step by step then:
  1. Run adsiedit.msc (alternatively, run the console and add the adsiedit tab)
  2. Right-click on the domain and select New | Query
  3. Give the query a name, select your search root and paste the query itself
  4. Expand the domain tree and you will see your search
  5. Now you can unlock the locked out accounts.
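
The same query can be run from PowerShell. This is an added example, not part of the original post. It is read-only, and it also shows a caveat of the filter: lockoutTime can stay non-zero after an automatic lockout has expired, so each hit is compared against the lockout duration. It assumes a domain-joined machine, an account that can read the directory, and that the domain default lockout policy applies (no fine-grained password policies); the variable names are illustrative.

```powershell
# Added example: report accounts matched by the post's LDAP filter (read-only).
$domain = New-Object System.DirectoryServices.DirectoryEntry   # current domain root

# Read the domain default lockoutDuration (a negative count of 100 ns ticks).
$policy = New-Object System.DirectoryServices.DirectorySearcher($domain)
$policy.Filter = '(objectClass=*)'
$policy.SearchScope = 'Base'
[void]$policy.PropertiesToLoad.Add('lockoutDuration')
$ticks = [int64]$policy.FindOne().Properties['lockoutduration'][0]

# Handled defensively: either value is treated as "locked until an admin unlocks".
$untilAdmin = ($ticks -eq 0) -or ($ticks -eq [int64]::MinValue)

# The query from the post, paged so that more than 1000 results are returned.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($domain)
$searcher.Filter = '(&(objectCategory=person)(objectClass=user)(lockoutTime>=1))'
$searcher.PageSize = 1000
foreach ($p in 'sAMAccountName', 'lockoutTime', 'distinguishedName') {
    [void]$searcher.PropertiesToLoad.Add($p)
}

$now = [DateTime]::UtcNow
$results = $searcher.FindAll()
$report = foreach ($r in $results) {
    # lockoutTime is a FILETIME (100 ns ticks since 1601-01-01 UTC).
    $lockedAt = [DateTime]::FromFileTimeUtc([int64]$r.Properties['lockouttime'][0])
    $expires  = if ($untilAdmin) { $null } else { $lockedAt.AddTicks(-$ticks) }
    [pscustomobject]@{
        Account     = [string]$r.Properties['samaccountname'][0]
        LockedAtUtc = $lockedAt
        ExpiresUtc  = $expires
        # False means the lockout has already timed out by policy.
        StillLocked = $untilAdmin -or ($expires -gt $now)
        DN          = [string]$r.Properties['distinguishedname'][0]
    }
}
$results.Dispose()

$report | Sort-Object LockedAtUtc | Format-Table Account, LockedAtUtc, ExpiresUtc, StillLocked -AutoSize
```

Rows with StillLocked set to False matched the filter only because lockoutTime has not been reset yet; those accounts do not need unlocking.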
