Unlocking accounts

Barbara

Anyone know of a way to unlock user accounts in AD via a script or
something? We used to have one that would unlock an account by a person
running it who did not have domain admin and had not been given delegated
rights. Does anyone have one like that? Or know where I could find one like
it?

Recently our domain admins changed their passwords and today I came in to
work to find the domain admin had his account locked out and there was
nobody there to unlock it (or anyone else) because everyone either comes in
later or is away. Just need a backdoor in the event this happens again...

Thanks
 
Steven L Umbach

The built-in domain administrator account [the one whose SID ends in 500]
cannot be locked out to interactive logon, though it can be disabled for
normal logon but will be able to log on in Safe Mode.

There is no magic script to allow an unprivileged user to unlock an
administrator account unless that script references an administrator account
by name/password using runas or such.

Solutions include using another administrator account, possibly an account
with a password secured in a safe so that it is only used in special
circumstances and such use documented. Another possibility is to have those
administrators that are away remote in to unlock an account via Remote
Desktop.

Steve
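
One way to script the first solution above, as an added example that is not part of the original thread: unlock an account with a separately held administrator credential and record each use. It assumes the ActiveDirectory PowerShell module is installed; the function name `Unlock-AccountDocumented` and the log path are hypothetical, and the log directory must already exist.

```powershell
# Added example: the credential is typed at run time (e.g. retrieved from the
# safe) and never stored in the script. Every run appends an audit record.
Import-Module ActiveDirectory

function Unlock-AccountDocumented {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Identity,  # account to unlock
        [Parameter(Mandatory)] [string] $Reason,    # why the emergency account was used
        [string] $LogPath = 'C:\Audit\emergency-unlock.csv'  # hypothetical path
    )

    # Prompt for the emergency administrator account; without valid
    # administrator credentials the calls below fail, as the answer explains.
    $cred = Get-Credential -Message 'Emergency administrator account'

    $user = Get-ADUser -Identity $Identity -Properties LockedOut `
                       -Credential $cred -ErrorAction Stop

    # The built-in Administrator is the account whose SID ends in -500.
    $isBuiltinAdmin = $user.SID.Value -match '-500$'

    if ($user.LockedOut) {
        Unlock-ADAccount -Identity $user -Credential $cred -ErrorAction Stop
        $action = 'unlocked'
    } else {
        $action = 'none (account was not locked out)'
    }

    # Document the use so it can be reviewed afterwards.
    [pscustomobject]@{
        TimeUtc        = (Get-Date).ToUniversalTime().ToString('o')
        RunBy          = $env:USERNAME
        CredentialUsed = $cred.UserName
        Target         = $user.SamAccountName
        BuiltinAdmin   = $isBuiltinAdmin
        Action         = $action
        Reason         = $Reason
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}
```

The log file should be writable only by administrators so that the record of emergency use cannot be altered by the person running the script.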
 
