Unfortunately, Windows Server 2008 can’t show you whether a user is currently locked out or not. But the advantage of that is you finally have to learn PowerShell 🙂

Don’t worry, it’s much easier than it looks.

Let’s Get Started!

 

Prerequisites:

If you run PowerShell straight from your PC, you need to have the “Remote Server Administration Tools” for Windows installed, because we use the Active Directory cmdlets. For Windows 7 (SP1) you can follow this link: http://www.microsoft.com/nl-nl/download/details.aspx?id=7887. For other versions, search for “Remote Server Administration Tools”.

And of course, you need PowerShell 2.0.

Step1:

Start PowerShell with enough privileges to read from and write to the domain, preferably as a domain admin. Hold “Shift” and right-click the PowerShell shortcut to run it as a different user.

Step2:

Import the Active Directory module.

Import-Module ActiveDirectory

PowerShell will now load the Active Directory cmdlets…

Step3:

Enter the following command:

Search-ADAccount -LockedOut

When a user is locked out, the result will look like this:

[Screenshot: locked-out-result]

 

If the result is empty, no user is currently locked out.

[Screenshot: locked-out-empty]


For more info about the “Search-ADAccount” cmdlet: http://technet.microsoft.com/en-us/library/ee617247.aspx

Step4:

If the CEO is standing beside you watching your sublime PowerShell skills 🙂 you might want to unlock the user account right away. To make that happen, you just pipe the result containing the locked-out accounts into the Unlock-ADAccount command.

Search-ADAccount -LockedOut | Unlock-ADAccount

Et voilà! He can log in again!

For more info about the “Unlock-ADAccount” cmdlet: http://technet.microsoft.com/nl-nl/library/dd391907(v=ws.10).aspx
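The pipeline in Step 4 unlocks every locked-out account in the domain at once. As an added example (not part of the original post), the script below shows the lockout details for each account first, previews the bulk unlock with -WhatIf, and then unlocks one named user only. The function names Get-LockedOutReport and Unlock-SingleAccount and the account name 'jdoe' are made up for illustration.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: list locked-out users with the details needed to
# judge why each one is locked before anything gets unlocked.
function Get-LockedOutReport {
    Search-ADAccount -LockedOut -UsersOnly | ForEach-Object {
        # BadLogonCount and LastBadPasswordAttempt are not replicated between
        # domain controllers, so they reflect only the DC that answers.
        Get-ADUser -Identity $_.DistinguishedName `
            -Properties AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt
    } |
    Select-Object SamAccountName, Enabled, AccountLockoutTime,
                  BadLogonCount, LastBadPasswordAttempt |
    Sort-Object AccountLockoutTime
}

# Hypothetical helper: unlock exactly one account, and only if it is
# really locked out. -Confirm asks before the change is written.
function Unlock-SingleAccount {
    param(
        [Parameter(Mandatory = $true)]
        [string]$SamAccountName
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties LockedOut
    if (-not $user.LockedOut) {
        Write-Output "$SamAccountName is not locked out."
        return
    }
    Unlock-ADAccount -Identity $user -Confirm
    # Read the account back to verify the result.
    Get-ADUser -Identity $SamAccountName -Properties LockedOut |
        Select-Object SamAccountName, LockedOut
}

# 1. Review who is locked out and since when.
Get-LockedOutReport | Format-Table -AutoSize

# 2. Preview what the bulk unlock from Step 4 would touch; -WhatIf changes nothing.
Search-ADAccount -LockedOut -UsersOnly | Unlock-ADAccount -WhatIf

# 3. Unlock a single user. 'jdoe' is a constructed sample name; replace it.
Unlock-SingleAccount -SamAccountName 'jdoe'
```

Many accounts locked within a short window, or a high BadLogonCount on one account, is worth checking against the domain controller's security log before unlocking.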

Good Luck!