Automatic Active Directory account unlock with PowerShell
The PowerShell script given below can be used to automatically unlock the Active Directory user accounts that have been locked out in an organization. ADSelfService Plus also offers an option which, when enabled, runs a scheduler at regular intervals to search for locked user accounts and automatically unlocks them. Here is a comparison between the automatic account unlock using PowerShell and ADSelfService Plus:
PowerShell
Search-ADAccount -LockedOut | Unlock-ADAccount
ADSelfService Plus
- Go to Configuration > Policy Configuration.
- Create a new policy.
- Once the information required to create the policy is provided, click on Advanced, navigate to the Automation tab and select the Automatically unlocks locked-down accounts in your domain checkbox.
- Specify the Frequency at which the scheduler should be run. Click OK and, in the Policy Configuration section, click Save.
- Quick configuration:
With ADSelfService Plus, account unlock can be enabled by entering minimal information. The PowerShell one-liner above can unlock all locked user accounts at once, but running a scheduler that finds and unlocks locked-out user accounts requires writing and maintaining extremely extensive scripts.
- Secure management of data:
In ADSelfService Plus, sensitive information such as the user's credentials is not stored anywhere, unlike the PowerShell approach above, which requires storing the user's credentials in the script.
- Choose the users whose accounts can be automatically unlocked:
In ADSelfService Plus, administrators can specify the domains, OUs, and groups whose users are to have their accounts automatically unlocked when they get locked out. Using PowerShell to automate account unlocks for specific users requires creating and managing an extensive script.
- Automatically synchronize any changes to the user account with all domain controllers:
Once the user has been unlocked with ADSelfService Plus, the user's account status is automatically synchronized with all the domain controllers in the AD domain.
- Synchronize unlocks with integrated enterprise applications:
When users unlock their user accounts using ADSelfService Plus, their locked user accounts in enterprise applications integrated for password synchronization are automatically unlocked as well.
- Audit password reset and other actions:
With ADSelfService Plus, the automatic account unlocks, the self-service actions, enrollment, and identity verification are audited and can be accessed in the form of reports that can be generated with just a few clicks.
- Notify the admin:
Administrators can be notified by email and SMS about users' password resets and other actions such as account unlocks, password changes, and enrollment using ADSelfService Plus.
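The one-liner above unlocks every locked account in the domain, which silently removes the protection that account lockout provides against password-guessing attacks and leaves no record of what was unlocked. The script below is an added example, not code from the original page or from ADSelfService Plus, of what a scoped, scheduled unlock with an audit trail looks like in plain PowerShell: it restricts unlocks to one OU (and optionally one group), leaves accounts with a high bad-password count locked so an administrator can look at them, and writes every decision to a CSV log. The OU distinguished name, group name, log path, and service-account name are placeholders; the ActiveDirectory RSAT module is assumed to be installed, and the script is meant to run under the identity of a scheduled task, so no credentials are stored in the file.

```powershell
#Requires -Modules ActiveDirectory
# Added example: scoped automatic unlock with an audit log (not the page's or ADSelfService Plus's code).
[CmdletBinding(SupportsShouldProcess)]
param(
    # Only users under this OU are eligible for automatic unlock (placeholder DN).
    [string]$SearchBase = 'OU=Staff,DC=example,DC=com',
    # Optional further restriction to members of this group (placeholder name; empty = no group filter).
    [string]$RequiredGroup = '',
    # Accounts at or above this bad-password count stay locked and are reported instead,
    # because a burst of failed logons is a common sign of a password-guessing attempt.
    [int]$MaxBadPasswordCount = 10,
    # Append-only audit log of every decision this run makes (placeholder path).
    [string]$LogPath = 'C:\ProgramData\AutoUnlock\unlock-audit.csv'
)

Import-Module ActiveDirectory

# Resolve group membership once, recursively, so nested groups are honoured.
$groupMembers = $null
if ($RequiredGroup) {
    $groupMembers = Get-ADGroupMember -Identity $RequiredGroup -Recursive |
        Select-Object -ExpandProperty DistinguishedName
}

# Find locked-out user accounts inside the OU and fetch the lockout-related attributes.
# Note: badPwdCount is maintained per domain controller and is not replicated, so the
# value reflects the DC this query happens to hit.
$locked = Search-ADAccount -LockedOut -UsersOnly -SearchBase $SearchBase |
    ForEach-Object { Get-ADUser -Identity $_.DistinguishedName -Properties badPwdCount, lockoutTime }

$runBy = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

$records = foreach ($u in $locked) {
    $inScope    = (-not $groupMembers) -or ($groupMembers -contains $u.DistinguishedName)
    $suspicious = $u.badPwdCount -ge $MaxBadPasswordCount

    $action = if (-not $inScope) {
        'Skipped-OutOfScope'
    } elseif ($suspicious) {
        'Skipped-HighBadPwdCount'
    } elseif ($PSCmdlet.ShouldProcess($u.SamAccountName, 'Unlock account')) {
        Unlock-ADAccount -Identity $u.DistinguishedName
        'Unlocked'
    } else {
        'WhatIf'   # -WhatIf was passed: nothing changed
    }

    [pscustomobject]@{
        Timestamp      = (Get-Date).ToString('o')
        SamAccountName = $u.SamAccountName
        LockoutTimeUtc = if ($u.lockoutTime) { [DateTime]::FromFileTimeUtc($u.lockoutTime) } else { $null }
        BadPwdCount    = $u.badPwdCount
        Action         = $action
        RunBy          = $runBy
    }
}

# Persist the audit trail before returning the records to the caller.
if ($records) {
    New-Item -ItemType Directory -Path (Split-Path -Parent $LogPath) -Force | Out-Null
    $records | Export-Csv -Path $LogPath -Append -NoTypeInformation
}
$records

# Scheduling (placeholder names; run once, as an administrator, to register the task):
# Register-ScheduledTask -TaskName 'AD-AutoUnlock' `
#   -Action    (New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -File C:\ProgramData\AutoUnlock\Unlock-ScopedAccounts.ps1') `
#   -Trigger   (New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 15)) `
#   -Principal (New-ScheduledTaskPrincipal -UserId 'EXAMPLE\svc-unlock$' -LogonType Password)
```

Run it first with `-WhatIf` to see which accounts would be unlocked and which would be held back. The principal in the commented registration is a group managed service account (hence the trailing `$`), which is what lets the task authenticate without a password in the script or the task definition; that account only needs the "Unlock account" permission on the target OU, not domain-wide rights. The CSV log is the artefact a SOC would want when an unlock later turns out to have been unwarranted: it records who ran the task, when, and why each account was or was not unlocked.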