Re: Unlocking AD Accounts
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 26 Nov 2007 15:43:07 -0600
Dr. Furrfu wrote:
> I'm having an issue with unlocking user accounts in AD.
> I've delegated the right to unlock accounts to the Helpdesk global group.
> If a member of the Helpdesk group tries to unlock the account going
> through the MMC, it is successful.
> If a member of the Helpdesk group tries to unlock the account by using the
> command:
>
>     net user userid /active:yes /domain
>
> it is unsuccessful. The following error message is returned:
>
>     System error 5 has occurred.
>     Access is denied.
>
> I'd like the group to use the NET command. I don't see any errors in the
> event log.
> Has anyone come across this before?

I believe the /active: option either disables or enables the account. It
does not unlock it. I don't see where this command can unlock an account.
If it helps I have an example VBScript program that can unlock user
accounts. It prompts for a user name (the pre-Windows 2000 logon name) then
indicates if the account is locked out. If it is, the program indicates when
the domain policy will unlock the account and asks if you want to unlock the
account. The program is linked here:
http://www.rlmueller.net/IsUserLocked.htm
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
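
The flow the reply describes (prompt for the pre-Windows 2000 logon name, report whether the account is locked out and when policy will release it, then offer to unlock), as an added PowerShell example; it is not the VBScript program linked above and not code from either poster. It assumes the ActiveDirectory module (RSAT) is installed and that the default domain policy, not a fine-grained password policy, applies to the user; `Get-AccountLockState` is a hypothetical helper name.

```powershell
# Added example. Requires the ActiveDirectory module and a domain-joined session.
Import-Module ActiveDirectory

function Get-AccountLockState {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName -Properties LockedOut, AccountLockoutTime, Enabled
    # Assumption: the default domain policy governs this user (no fine-grained policy).
    $duration = (Get-ADDefaultDomainPasswordPolicy).LockoutDuration

    $autoUnlock = $null
    if ($user.LockedOut -and $user.AccountLockoutTime -and $duration -gt [TimeSpan]::Zero) {
        # Guard against a duration too large to add to a DateTime.
        try { $autoUnlock = $user.AccountLockoutTime + $duration } catch { $autoUnlock = $null }
    }

    [pscustomobject]@{
        SamAccountName    = $user.SamAccountName
        DistinguishedName = $user.DistinguishedName
        Enabled           = $user.Enabled            # the state "net user /active:" toggles
        LockedOut         = $user.LockedOut          # the state an unlock clears
        LockedAt          = $user.AccountLockoutTime
        AutoUnlockAt      = $autoUnlock              # $null: not locked, or no computable release time
    }
}

$name  = Read-Host 'Pre-Windows 2000 logon name'
$state = Get-AccountLockState -SamAccountName $name
$state | Format-List SamAccountName, Enabled, LockedOut, LockedAt, AutoUnlockAt

if (-not $state.Enabled) {
    Write-Warning "$name is disabled; unlocking does not re-enable it."
}

if ($state.LockedOut) {
    if ((Read-Host "Unlock $name? (y/n)") -eq 'y') {
        Unlock-ADAccount -Identity $state.DistinguishedName
        # Re-read the account to confirm the lockout was cleared.
        $after = Get-AccountLockState -SamAccountName $name
        Write-Output "LockedOut after unlock: $($after.LockedOut)"
    }
} else {
    Write-Output "$name is not locked out."
}
```

Reporting `Enabled` and `LockedOut` side by side shows the two separate states the reply distinguishes: disabled/enabled versus locked out.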