Change multiple accounts

  • Thread starter Thread starter Mark Warbeck
  • Start date Start date
M

Mark Warbeck

On occasion our Active Directory is attacked and hundreds of users get
locked out. They don't like waiting 30 minutes for the lockout to expire. Is
there a tool or script that will allow me to unlock all accounts at once?
It's tedious to unlock them one by one.

Thanks,
Mark
 
First I would find the cause and prevent it.

Otherwise here us a sample script that shows how to unlock accounts
Resetting All Locked-Out User Accounts for a Domain Using a VBScript Active
Server Page

Dim Domain
Dim UserAccount
Dim Counter
Dim DomainName
Counter = 0
DomainName = "Target_Domain_Name"
Set Domain = GetObject("WinNT://" & DomainName)
Domain.Filter = Array("User")
For Each UserAccount In Domain
If UserAccount.IsAccountLocked = True Then
Response.Write UserAccount.Name
UserAccount.IsAccountLocked = False
UserAccount.SetInfo
Counter = Counter + 1
End If
Next
If Counter >0 Then
Response.Write Counter & " user accounts were unlocked in the " &
Domain.Name & " domain."
Else
Response.Write "No user accounts in the " & Domain.Name & " domain were
locked."
End If
 
Richard,

Thanks for the quick response. I copied your code into a file with the .vbs
extention. I changed "Target_Domain_Name" to the name of my domain. I get
the following error:

Line: 11
Char: 11
Error: Object required: 'Response'
Code: 800A01A8
Source: Microsoft VBScript runtime error

This KB article seems to apply but I don't understand it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;224422

Thanks for any additional help.

Mark


Richard McCall said:
First I would find the cause and prevent it.

Otherwise here us a sample script that shows how to unlock accounts
Resetting All Locked-Out User Accounts for a Domain Using a VBScript Active
Server Page

Dim Domain
Dim UserAccount
Dim Counter
Dim DomainName
Counter = 0
DomainName = "Target_Domain_Name"
Set Domain = GetObject("WinNT://" & DomainName)
Domain.Filter = Array("User")
For Each UserAccount In Domain
If UserAccount.IsAccountLocked = True Then
Response.Write UserAccount.Name
UserAccount.IsAccountLocked = False
UserAccount.SetInfo
Counter = Counter + 1
End If
Next
If Counter >0 Then
Response.Write Counter & " user accounts were unlocked in the " &
Domain.Name & " domain."
Else
Response.Write "No user accounts in the " & Domain.Name & " domain were
locked."
End If

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
Mark Warbeck said:
On occasion our Active Directory is attacked and hundreds of users get
locked out. They don't like waiting 30 minutes for the lockout to
Click to expand...
expire.
Is
there a tool or script that will allow me to unlock all accounts at once?
It's tedious to unlock them one by one.

Thanks,
Mark
Click to expand...
Click to expand...
 
Mark said:
Richard,

Thanks for the quick response. I copied your code into a file with the .vbs
extention. I changed "Target_Domain_Name" to the name of my domain. I get
the following error:

Line: 11
Char: 11
Error: Object required: 'Response'
Code: 800A01A8
Source: Microsoft VBScript runtime error
Click to expand...

Hi

Response.Write is used from an ASP page and will not work in an ordinary
vbscript file. Replace "Response.Write" with "Wscript.Echo" and run your
vbscript in a command prompt with cscript.exe, like this:

cscript.exe "some script file.vbs"

If you want the output into a file instead, you can use this:

cscript.exe "some script file.vbs" > "some log file.txt"
 
The script is design to run in an ASP page to get it to run as a standalone
vbs script use this version instead. The only change is the output.
Response.Write vs wscript.echo. Make sure the Target Domain Name is in
Quotes

Call the script via the command prompt
c:\cscript unlock.vbs
Dim Domain
Dim UserAccount
Dim Counter
Dim DomainName
Counter = 0
DomainName = "Target_Domain_Name"
Set Domain = GetObject("WinNT://" & DomainName)
Domain.Filter = Array("User")
For Each UserAccount In Domain
If UserAccount.IsAccountLocked = True Then
wscript.echo UserAccount.Name
UserAccount.IsAccountLocked = False
UserAccount.SetInfo
Counter = Counter + 1
End If
Next
If Counter >0 Then
wscript.echo Counter & " user accounts were unlocked in the " &
Domain.Name & " domain."
Else
wscript.echo "No user accounts in the " & Domain.Name & " domain were
locked."
End If

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
Mark Warbeck said:
Richard,

Thanks for the quick response. I copied your code into a file with the ..vbs
extention. I changed "Target_Domain_Name" to the name of my domain. I get
the following error:

Line: 11
Char: 11
Error: Object required: 'Response'
Code: 800A01A8
Source: Microsoft VBScript runtime error

This KB article seems to apply but I don't understand it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;224422

Thanks for any additional help.

Mark


Richard McCall said:
First I would find the cause and prevent it.

Otherwise here us a sample script that shows how to unlock accounts
Resetting All Locked-Out User Accounts for a Domain Using a VBScript Active
Server Page

Dim Domain
Dim UserAccount
Dim Counter
Dim DomainName
Counter = 0
DomainName = "Target_Domain_Name"
Set Domain = GetObject("WinNT://" & DomainName)
Domain.Filter = Array("User")
For Each UserAccount In Domain
If UserAccount.IsAccountLocked = True Then
Response.Write UserAccount.Name
UserAccount.IsAccountLocked = False
UserAccount.SetInfo
Counter = Counter + 1
End If
Next
If Counter >0 Then
Response.Write Counter & " user accounts were unlocked in the " &
Domain.Name & " domain."
Else
Response.Write "No user accounts in the " & Domain.Name & " domain were
locked."
End If

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
Mark Warbeck said:
On occasion our Active Directory is attacked and hundreds of users get
locked out. They don't like waiting 30 minutes for the lockout to
Click to expand...
expire.
Is
there a tool or script that will allow me to unlock all accounts at once?
It's tedious to unlock them one by one.

Thanks,
Mark
Click to expand...
Click to expand...
Click to expand...
 
Thanks for the help. It will save me lots of time and effort.

Mark


Richard McCall said:
The script is design to run in an ASP page to get it to run as a standalone
vbs script use this version instead. The only change is the output.
Response.Write vs wscript.echo. Make sure the Target Domain Name is in
Quotes

Call the script via the command prompt
c:\cscript unlock.vbs
Dim Domain
Dim UserAccount
Dim Counter
Dim DomainName
Counter = 0
DomainName = "Target_Domain_Name"
Set Domain = GetObject("WinNT://" & DomainName)
Domain.Filter = Array("User")
For Each UserAccount In Domain
If UserAccount.IsAccountLocked = True Then
wscript.echo UserAccount.Name
UserAccount.IsAccountLocked = False
UserAccount.SetInfo
Counter = Counter + 1
End If
Next
If Counter >0 Then
wscript.echo Counter & " user accounts were unlocked in the " &
Domain.Name & " domain."
Else
wscript.echo "No user accounts in the " & Domain.Name & " domain were
locked."
End If

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
Mark Warbeck said:
Richard,

Thanks for the quick response. I copied your code into a file with the .vbs
extention. I changed "Target_Domain_Name" to the name of my domain. I get
the following error:

Line: 11
Char: 11
Error: Object required: 'Response'
Code: 800A01A8
Source: Microsoft VBScript runtime error

This KB article seems to apply but I don't understand it.

http://support.microsoft.com/default.aspx?scid=kb;en-us;224422

Thanks for any additional help.

Mark


Richard McCall said:
First I would find the cause and prevent it.

Otherwise here us a sample script that shows how to unlock accounts
Resetting All Locked-Out User Accounts for a Domain Using a VBScript Active
Server Page

Dim Domain
Dim UserAccount
Dim Counter
Dim DomainName
Counter = 0
DomainName = "Target_Domain_Name"
Set Domain = GetObject("WinNT://" & DomainName)
Domain.Filter = Array("User")
For Each UserAccount In Domain
If UserAccount.IsAccountLocked = True Then
Response.Write UserAccount.Name
UserAccount.IsAccountLocked = False
UserAccount.SetInfo
Counter = Counter + 1
End If
Next
If Counter >0 Then
Response.Write Counter & " user accounts were unlocked in the " &
Domain.Name & " domain."
Else
Response.Write "No user accounts in the " & Domain.Name & " domain were
locked."
End If

--
Richard McCall [MSFT]

"This posting is provided "AS IS" with no warranties, and confers no
rights."
On occasion our Active Directory is attacked and hundreds of users get
locked out. They don't like waiting 30 minutes for the lockout to expire.
Is
there a tool or script that will allow me to unlock all accounts at once?
It's tedious to unlock them one by one.

Thanks,
Mark
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

loockout Account & Active Directory Manager 1
Unlock bunches of accounts 3
Random Account Lockouts 1
Change Field Replication Priority 1
Account Lock out Policy in Group Policy 2
AD accounts not being unlocked when "lockout duration" setting rea 5
Account Lockout Problems 1
all accounts locked out !!! 4

Back
Top