Ping a Specific Port

Question

Izzy

Asked: 2009-07-01 18:48:21 +0800 CST2009-07-01 18:48:21 +0800 CST 2009-07-01 18:48:21 +0800 CST

Unlock AD User Account using DSMOD (command line)

772

Just a quick question. I need to be able to unlock user accounts from the command line, NOT using NET USER loginname /DOMAIN /ACTIVE:YES

This is because our corporation lives across 4 domains, and the NET command is tied to the computer domain, with no way to specify alternative domains. Also, using ADUC is not an option for this specific case.

Basically, does DSMOD USER userDN -disabled no actually unlock an account? I can test this on Thursday, but wanted to know if I had to get in early to script the solution instead.

Cheers

6 Answers

Voted

Izzy · Answer 1 · 2009-07-03T06:43:17+08:00

Best Answer

Izzy

2009-07-03T06:43:17+08:002009-07-03T06:43:17+08:00

The answer is Yes.

dsmod user userDN -disabled no

This does unlock an account.

7

Joey · Answer 2 · 2011-02-09T03:55:00+08:00

Joey

2011-02-09T03:55:00+08:002011-02-09T03:55:00+08:00

You can do an unlock/password Reset by SAM Name using this:

dsquery user domainroot -samid %username%|dsmod user -disabled no -pwd %newpass% -mustchpwd yes

4

benPearce · Answer 3 · 2009-07-01T19:11:37+08:00

benPearce

2009-07-01T19:11:37+08:002009-07-01T19:11:37+08:00

Unlock from joeware will do exactly this, as well as reporting currently locked accounts

3

Ehtyar · Answer 4 · 2009-07-01T19:14:28+08:00

Ehtyar

2009-07-01T19:14:28+08:002009-07-01T19:14:28+08:00

If you're able to use vbscript, this should do the trick:

Set objUser = GetObject ("LDAP://cn=user,ou=OrganisationalUnit,dc=test,dc=com")
objUser.IsAccountLocked = False
objUser.SetInfo

Ehtyar.

2

RBA · Answer 5 · 2017-11-09T23:23:19+08:00

RBA

2017-11-09T23:23:19+08:002017-11-09T23:23:19+08:00

The answer by @Akshi (which received a negative vote unfairly) should be the correct one - account disabled and LockedOut are two different things.

Admins with the proper rights can Disable an account, using the wrong password too many times will Lock your account.

Using Get-ADUser %username% -prop LockedOut in Power-Shell you can see the Enabled and the LockedOut attributes.

dsmod user userDN -disabled no requires elevated admin privileges to work in most system setups, and I'm not sure it will unlock the account, I couldn't test it.

Unlock-ADaccount username will work for most users with basic admin rights - worked for me.

2

Akshi · Answer 6 · 2015-09-22T16:18:02+08:00

Akshi

2015-09-22T16:18:02+08:002015-09-22T16:18:02+08:00

i think you should use that command Unlock-ADaccount username

hopefully this will help you

-1

Unlock AD User Account using DSMOD (command line)

Ping a Specific Port

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What's the command-line utility in Windows to do a reverse DNS look-up?

How to check if a port is blocked on a Windows machine?

What port should I open to allow remote desktop?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?