Unlock

Summary

Command line Active Directory unlock tool. Will show you currently locked accounts and unlock accounts. One simple command to unlock all locked accounts in a domain.

Warranty

See warranty.

PlatForms

Windows 2000 against Active Directory
Windows Server 2003 against Active Directory
Windows XP against Active Directory

Current Version

Version 2.1.0 - August 16, 2004

Modification(s) from previous version

Corrected bug in parameter parsing

Security Requirements

There are no local security requirements for running Unlock. Information returned from Active Directory will be dependent on the security configured for the directory. Generally a normal Active Directory user can query lockout status of users in the forest. Unlocking accounts will require write property permission on the lockoutTime attribute.

Language

C++. Compiled with Borland Builder 6.0

Source Code Availability

None

Story

Unlock is an extremely popular tool. Lots of admins seem to do a lot of unlocking of users, using unlock is so much faster than the GUI that it shouldn't even be a competition in your head which one to use. I wrote the original unlock code when talking with developers from the MTEC company and they indicated it wasn't possible to unlock an account with delegated rights. This shows exactly how possible it is to do.

If you want to just delegate off the ability to unlock an account or group of accounts in an OU or in the domain, you can use DSACLS with a command line similar to:

dsacls "OU=OUName,DC=domain,DC=com" /I:S /G "Domain\Group Name":RPWP;lockoutTime;user

Note that DSACLS sucks in that you have to be careful with case so be careful with the case.

You will note that the usage is a little different from other joeware tools. This is because the original version didn't have that format and I didn't want to break any existing scripts that were already using unlock. This will get cleaned up in a future version.

Download

You do not have to supply the email address. I would like you to fill that in though so that I have an idea on how popular a tool really is. If I see 1000 downloads with 900 different email addresses I know it is more widespread than one that has 1000 downloads and 200 different email addresses because the same person needed to keep downloading it for some reason.

Version History

Update: Version 1.00.00 - 01/30/2001 - Original.
Update: Version 2.00.00 - 03/11/2003 - Complete rewrite.
Update: Version 2.01.00 - 08/16/2004 - Corrected a bug in parameter parsing

As seen in

Active Directory Cookbook Second Edition - O'Reilly Publishing
http://www.jsiinc.com in tips and tricks
Windows IT Pro Magazine
Various blogs.
Thousands of USENET newsgroup postings.
ActiveDir Org postings.

Usage

Download and type Unlock /?

See current usage screens

Email Address:	Optional

Sponsored Link: