Announcement

Collapse
No announcement yet.

Script to unlock account?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Script to unlock account?

    Good afternoon folks,

    not sure if this is the correct place to ask - however - have a user who's account is constantly being locked out - and simply cannot figure out how or why this is happening, so in the short term, is there any way to run a script to simply unlock the account (have admin priv. on AD), so basically just to save a couple of minutes having to do it manually.

    long term - would like to find out what is causing the account lockouts - any ideas?

    cheers for any thoughts

    dv

  • #2
    Re: Script to unlock account?

    Check the logs of the DC, see if there's a trigger app causing it, or a location. Also see how quickly it logs out. If someone's attempting to gain access by guessing passwords via a program, chances are you'll see a rapid succession of login attempts.
    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Script to unlock account?

      When you check the security event logs of the DC, you'll see "Success" on "Account Management" event "644" - account lockout. This will be preceeded by login failures. The login failures will tell you what the issue was (to an extent - and if you can figure out what the codes mean) and in the event 644 there will be a "Caller Machine Name" which will tell you the machine which generated the lockout event.

      You then need to enable security auditing on the workstation for login failures etc (make your security log HUGE) and then use EventCombNT to scour the security event logs to try to figure out what's going on.

      Usual culprits are cached passwords in web apps, mapped drives with explicit credentials which have since expired, scheduled tasks with explicit credentials.

      Other culprits (harder to track down) are scripts running on servers, machines locked in a cupboard which have been logged in with that user ID for six months... etc etc etc.


      Tom
      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you

      Comment


      • #4
        Re: Script to unlock account?

        To unlock the user you can use this script 'IsUserLocked.vbs' by Richard L. Mueller MVP.


        Similar Thread
        User keeps getting locked out.



        \Rems

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment


        • #5
          Re: Script to unlock account?

          nice one, will give that script a go.

          thanks for the rapid assistance everyone.

          Comment


          • #6
            Re: Script to unlock account?

            You can also use a tool called account lock out status to monitor who is locking the account. One i resolved the issue using the same tool. Hope that will help you.
            Thanks & Regards
            v-2nas

            MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
            Sr. Wintel Eng. (Investment Bank)
            Independent IT Consultant and Architect
            Blog: http://www.exchadtech.blogspot.com

            Show your appreciation for my help by giving reputation points

            Comment


            • #7
              Re: Script to unlock account?

              Originally posted by v-2nas View Post
              You can also use a tool called account lock out status to monitor who is locking the account. One i resolved the issue using the same tool. Hope that will help you.
              This tool will simply tell you the fact that the account is locked and the date and time it occurred on each DC. The DC it occurs on earliest is the one which will contain the 644 event.


              Tom
              For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

              Anything you say will be misquoted and used against you

              Comment

              Working...
              X