PowerShell: Find all Locked user accounts in Active Directory

This one is a very short, but sweet, guide to finding all locked out AD User accounts. These few simple commands have saved me a huge amount of time on more than one occasion!

To start with, you’ll need to ensure you’ve imported the Active Directory module. This may take a minute, but bear with it!

Import-Module ActiveDirectory

Once the module is imported, you’ll then need to run the Search-ADAccount command, which will then list all locked out User accounts.

Search-ADAccount -LockedOut

Which will give you the following output (example):

PS C:\Users\Admin> Import-Module ActiveDirectory
PS C:\Users\Admin> Search-ADAccount -LockedOut

AccountExpiration    : 
DistinguishedName    : CN=Test User,OU=TestOU,DC=TestDomain,DC=com
Enabled              : True
LastLogonDate        : 01/01/1970 09:00:00
LockedOut            : True
Name                 : Test User
ObjectClass          : User
ObjectGUID           :
PasswordExpired      : False
PasswordNeverExpires : False
SamAccountName       : TestUser
SID                  :
UserPrincipalName    : TestUser@TestDomain.com

PS C:\Users\Admin>

If you simply want to see the names of the locked out accounts, as opposed to more extensive details per account, you can run the following command:

Search-ADAccount -LockedOut | Select Name

From here, you have a couple of options. You can either open up ADUC and unlock the accounts manually, or you can run the following command (as long as you have the correct permissions to do so) to unlock the accounts simply and quickly:

Search-ADAccount -LockedOut | Unlock-ADAccount -Confirm

Please note: I ALWAYS use the -Confirm parameter when running this command, which prompts you per account to interact with the command. If you do not include the -Confirm parameter in the above command, all accounts will be unlocked with no interaction.

You will be provided with a few input options here. You can either hit enter one-by-one, or you can input the following letters:

  • Y – Yes (one-by-one)
  • A – Yes to All
  • N – No (one-by-one)
  • L – No to All
  • S – Suspend
  • ? – Help

Once you’ve completed this step, I’d highly advise you run the Search-ADAccount command again to ensure the accounts have actually unlocked!
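The whole procedure above as one script, written as an added example rather than code from the original post: it records which users are locked and when, unlocks them with -Confirm, then re-runs the search to verify. The report path and the "5 lockouts in 15 minutes" warning threshold are assumptions to adjust; a burst of simultaneous lockouts usually deserves a look at the source of the bad passwords before unlocking.

```powershell
Import-Module ActiveDirectory

# Assumed values, not from the original post: report location and warning threshold.
$report    = Join-Path $env:TEMP ("locked-accounts-{0:yyyyMMdd-HHmmss}.csv" -f (Get-Date))
$threshold = 5

# -UsersOnly skips computer accounts; Get-ADUser adds the lockout context
# that Search-ADAccount does not return by default.
$locked = @(Search-ADAccount -LockedOut -UsersOnly | ForEach-Object {
        Get-ADUser -Identity $_.DistinguishedName `
            -Properties AccountLockoutTime, LastBadPasswordAttempt, BadLogonCount
    } |
    Select-Object Name, SamAccountName, DistinguishedName,
        AccountLockoutTime, LastBadPasswordAttempt, BadLogonCount |
    Sort-Object AccountLockoutTime)

if ($locked.Count -eq 0) {
    Write-Host 'No locked out user accounts found.'
    return
}

# Keep a record of what was locked, and when, before changing anything.
$locked | Export-Csv -Path $report -NoTypeInformation
$locked | Format-Table Name, SamAccountName, AccountLockoutTime, BadLogonCount -AutoSize

# Flag a cluster of recent lockouts so it is reviewed before being cleared.
$recent = @($locked | Where-Object { $_.AccountLockoutTime -gt (Get-Date).AddMinutes(-15) })
if ($recent.Count -ge $threshold) {
    Write-Warning "$($recent.Count) accounts locked in the last 15 minutes. Review before unlocking."
}

# Unlock one account at a time; -Confirm prompts for each (Y / A / N / L / S / ?).
foreach ($user in $locked) {
    Unlock-ADAccount -Identity $user.DistinguishedName -Confirm
}

# Verify: list any account from the report that is still locked.
$stillLocked = @(Search-ADAccount -LockedOut -UsersOnly |
    Where-Object { $locked.SamAccountName -contains $_.SamAccountName })

if ($stillLocked.Count -gt 0) {
    Write-Warning 'Still locked (declined at the prompt, or the unlock failed):'
    $stillLocked | Select-Object Name, SamAccountName
} else {
    Write-Host "All $($locked.Count) accounts unlocked. Report saved to $report"
}
```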

Hopefully these commands will prove useful and will save you some time! If you have any useful commands, let me know down below 🙂

Will Stocks

As a career "IT person" and technology enthusiast, I've been around technology for over 8 years now. From enterprise-grade hardware to consumer equipment, IT Support to Systems Administrator - I'm passionate about all forms of tech, learning how it works, integrates and the scenarios in which different people would use them. I started willstocks.co.uk in 2017 and have also contributed to other websites around the Internet.