Search the Petri IT Knowledgebase

The Unofficial M365 Changelog

Sponsors

Podcasts

Learning Center
search icon

close

Icon for Latest Whitepaper

Latest Whitepaper

Choosing an MFA Solution for Your Active Directory Environment? Ask These 15 Questions.
Icon for On-Demand Webinar

On-Demand Webinar

Combating Cyberattacks in 2022: Prepare to Defend Your Active Directory
Icon for Live Webinar Coming Soon

Live Webinar Coming Soon

Deep Dive: How to Migrate Native GPOs to Microsoft Intune
Icon for Upcoming Conference

Upcoming Conference

GET-IT Microsoft Cloud Security and Compliance 1-Day Virtual Conference

Home

Active Directory

Search Active Directory for Locked-Out User Accounts with PowerShell

Author avatar - Russell Smith

Russell Smith

 |

Jun 11, 2013

How do I search Active Directory for locked-out accounts using PowerShell?

Most organizations set Active Directory Account Lockout Policy to a maximum number of three to five logon attempts. Once the threshold has been exceeded, users either need to call the helpdesk to have their account unlocked, or wait 30 minutes for the account to be unlocked automatically. While it’s a necessary best practice to defend against brute force password attacks on Active Directory, account lockout policy sometimes leads users to accidentally lock themselves out, generating extra work for the help desk.

It can be useful to search Active Directory for locked-out accounts, maybe to investigate potential security issues or preempt a helpdesk call. The easiest way to run a search is from the command line using PowerShell.

advertisment

Search Active Directory for Locked-Out Accounts

If you’ve never worked with PowerShell before, the Search cmdlet is a good place to begin. The cmdlet is quite simple and can be useful when you need to generate reports.

  • Logon to Windows Server 2012 with a user that has permission to enumerate Active Directory accounts.
  • Open PowerShell by clicking the blue PowerShell icon on the desktop Taskbar.
  • Type Search-ADAccount –LockedOut and press Enter.

Searching AD using PowerShell 3.0

If there are any locked-out accounts in your Active Directory domain, the results should now be listed in the PowerShell window.

Before you can run PowerShell Active Directory cmdlets on Windows Server 2008 (or R2), you have to import the Active Directory PowerShell module. To import the module, type Import-module ActiveDirectory and press Enter in the PowerShell window. The import process happens automatically in Windows Server 2012 when you run an Active Directory cmdlet.

advertisment

Unlock Locked-Out Active Directory Accounts

You can also choose to automatically unlock any accounts that the Search cmdlet returns by piping the results from Search to the Unlock cmdlet as shown below.

  • Type Search-ADAccount –LockedOut in the PowerShell window to see if you have any locked-out accounts in your Active Directory domain. For the purposes of demonstrating the command below, you’ll need at least one locked-out account.
  • Type the following command: Search-ADAccount –LockedOut | Unlock-ADAccount
  • Now run Search-ADAccount –LockedOut without the Unlock cmdlet. The Search cmdlet should return no results.

More from Russell Smith

This Week in IT Ep 19

Microsoft Takes on Rival Calendly with Outlook Bookings - Plus the Latest IT News Updates
Vertical tabs in Edge and Chrome

Find Open Tabs Faster in Chrome and Edge! - Plus IT News Update and Petri Spotlight
Windows Logo

What’s New with Windows – April 2022

advertisment

Petri Newsletters

Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.

advertisment

More in Active Directory

Network Security

How to Access Active Directory

May 17, 2022 | Michael Reinders

Cloud Computing

Microsoft Rolls Out Azure AD Verifiable Credentials Service to More Customers

May 11, 2022 | Rabia Noureen

Network Security

Active Directory vs. Azure AD (and Other Identity Providers)

May 9, 2022 | Michael Taschler

Security

Apple Finally Discontinues Support for macOS Server App

Apr 25, 2022 | Rabia Noureen

Datacenter networking servers

Microsoft Issues New Guidance on Securing Domain Controllers

Apr 15, 2022 | Rabia Noureen

Datacenter networking servers

Best Practices for Installing Active Directory Domain Controllers in a Virtual Machine

Apr 15, 2022 | Michael Taschler

Most popular on petri

Log in to save content to your profile.

Login

Sign Up

Username/Email

Password

Forgot Password?

Login

Article saved!

Access saved content from your profile page. View Saved

Reach out

Contact Us

Advertising

About Us

Media Kit

Learn More

Podcasts

Learning Center

Webinars

Sitemap

Windows

Cloud

Office 365

Servers

Join The Conversation

Create a free account today to participate in forum conversations, comment on posts and more.

Copyright ©2019 BWW Media Group

Terms and Conditions of Use

 |

Privacy Policy