Unfortunately Windows Server 2008 can’t show you if a user is currently locked or not. But the advantage of that is you finally have to learn Powershell 🙂

Don’t worry, it’s much easier than it looks.

Let’s Get Started!



If you run Powershell straight from your PC you need to have the “Remote Server Administration Tools” for Windows installed. Because we use Active Directory Cmdlets. For Windows 7 (SP1) you can follow this link: http://www.microsoft.com/nl-nl/download/details.aspx?id=7887. For other versions, google for “Remote Server Administration Tools”.

And off course, you need Powershell 2.0.


Start Powershell with enough privileges to write/read from the domain. Preferably a domain admin. Press “Shift” and right-click to run as different user.


Import the Active Directory module.

Import-Module ActiveDirectory

Powershell will now load the Active Directory Cmdlet…


Enter the following command:

Search-ADAccount -LockedOut

When a user is locked out, the result will look like this:



If the result is empty, there is currently no user locked out.


For more info about the “Search-ADAccount” Cmdlet: http://technet.microsoft.com/en-us/library/ee617247.aspx


If the CEO stands on your side watching your sublime Powershell skills 🙂 you might want to unlock to user account right away. To make that happen you just have to pipe the result with the locked user name into the Unlock-ADAccount command.

Search-ADAccount -LockedOut | Unlock-ADAccount

et Voila! He can login again!

For more info about the “Unlock-ADAccount” Cmdlet: http://technet.microsoft.com/nl-nl/library/dd391907(v=ws.10).aspx

Good Luck!