Unlock User Account on Different Domain Controllers

When we are working in a large company having many multiple domain controllers running. In this situation if a user is complaining again and again for his/her account being getting locked again and again then you need to do in depth analysis to find the root cause.

Some time it happened that user has saved his old password at remote computer and his account is getting locked form that remote computer. To make troubleshooting more easy, Microsoft has created a tool for this. The tool is called LockOutStatus.

Goto https://www.microsoft.com/en-pk/download/details.aspx?id=18465 to download the toool

Once downloaded, run the setup.

After completion of Setup, Tool will be available at C:\Program Files (x86)\Windows Resource Kits\Tools

Launch the application lockoutstatus. It will open up the following application.

Now click on file and select Target. Enter the user id of users whose password is getting locked out.

Enter the information and click Ok. It will show up the information of account.

It shows the following infomaiton for account locked status.

  • The status of the Bad Pwd Count attribute on different DCs. The Bad Pwd Count attribute is an AD user object attribute that stores the number of times a user entered a bad or wrong password.
  • The date and time a bad password was last entered.
  • The date and time the password was last set.
  • The date and time the account was locked out.
  • The name of the DC that locked the account in the “originating lock” field (this is the DC that wrote to the Lockouttime attribute of the user account).

Leave a Reply