Unlock AD account across multiple domain controllers quickly.

  • Unlock AD account across multiple domain controllers quickly.

    At work, once an AD account gets locked we have to unlock it individually across about 6 Domain Controllers. This means selecting File > Change Domain Controller each time to select each individual DC and unlock the account there. Holy Jupiter!!! Somebody please tell me there's a faster way to do this.

    btw, if you open the AD account properties and just place a checkmark on "unlock account" it only unlocks the account on the already selected DC.

    I'm still hunting around the web for a faster way to do this, but please, guys, if you have any knowledge of the answer, feel free to jump into the discussion.

  • #2
    Something is wrong with AD. Account locks should replicate immediately to all DCs and unlocks should replicate quickly as well (not immediately IIRC but within normal replication schedules).

    IMHO start with troubleshooting AD replication:
    Sites set up
    KCC running OK
    All changes replicating
    PDC Emulator correctly placed and available
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd


    • #3
      Account unlocks are immediately replicated to the PDCe and then urgently replicated to all other DCs in the same site. If you have multiple sites then you should unlock the account on a DC in the same site as the user. You can enable Inter-site Change Notification on your site links to allow for immediate and urgent replication between sites. Note that this will cause AD to treat the link as if it were in the same site, governed by the same "rules" that all same-site DCs follow regarding replication, which may be a concern if your sites are connected by slow links or links that are only available at certain times of the day or week.


      • #4
        There is a tool you can download: Unlock.exe. It's command line and you can specify multiple domain controllers.
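
Added example, not posted by anyone in this thread: a PowerShell sketch that reports the lockout state of one account on every domain controller, which shows whether lock and unlock state is replicating as replies #2 and #3 describe, and optionally unlocks it on each DC that still reports it locked. It assumes the ActiveDirectory (RSAT) module is installed; `jdoe` is a placeholder account name.

```powershell
#Requires -Modules ActiveDirectory
# Added example. 'jdoe' is a placeholder; pass the real sAMAccountName.
param(
    [string]$Identity = 'jdoe',
    [switch]$Unlock          # without this switch the script only reports
)

$pdc   = (Get-ADDomain).PDCEmulator          # unlocks replicate here first
$props = 'LockedOut', 'badPwdCount', 'LastBadPasswordAttempt'

# Ask every DC directly; a DC that disagrees with the PDCe is a replication lead.
$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $row = [ordered]@{
        DC              = $dc.HostName
        Site            = $dc.Site
        IsPDCe          = ($dc.HostName -eq $pdc)
        LockedOut       = $null
        BadPwdCount     = $null
        LastBadPassword = $null
        Error           = $null
    }
    try {
        $u = Get-ADUser -Identity $Identity -Server $dc.HostName `
                        -Properties $props -ErrorAction Stop
        $row.LockedOut       = $u.LockedOut
        $row.BadPwdCount     = $u.badPwdCount          # not replicated, per DC
        $row.LastBadPassword = $u.LastBadPasswordAttempt
    }
    catch {
        # An unreachable DC is itself worth investigating.
        $row.Error = $_.Exception.Message
    }
    [pscustomobject]$row
}

$report | Sort-Object Site, DC | Format-Table -AutoSize

if ($Unlock) {
    foreach ($row in $report | Where-Object { $_.LockedOut }) {
        try {
            Unlock-ADAccount -Identity $Identity -Server $row.DC -ErrorAction Stop
            Write-Host "Unlocked $Identity on $($row.DC)"
        }
        catch {
            Write-Warning "Unlock failed on $($row.DC): $($_.Exception.Message)"
        }
    }
}
```

The DC with the most recent `LastBadPassword` is the one receiving the failed logons, so that is where to look for the source of the lockout before unlocking again.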