PowerShell Logo Small

Unlock-ADAccount



This is the built-in help made by Microsoft for the command 'Unlock-ADAccount', in PowerShell version 5 - as retrieved from Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Unlocks an Active Directory account.

SYNTAX


Unlock-ADAccount [-Identity] <ADAccount> [-AuthType {Negotiate | Basic}] [-Credential <PSCredential>] [-Partition <String>] [-PassThru] [-Server <String>] [-Confirm]
[-WhatIf] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Unlock-ADAccount cmdlet restores Active Directory Domain Services (AD DS) access for an account that is locked. AD DS access is suspended or locked for an account when
the number of incorrect password entries exceeds the maximum number allowed by the account password policy.


The Identity parameter specifies the Active Directory account to unlock. You can identify an account by its distinguished name (DN), GUID, security identifier (SID) or
Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an account object variable such as $<localADAccountObject>, or you can pass an
object through the pipeline to the Identity parameter. For example, you can use the Search-ADAccount cmdlet to get an account object and then pass the object through the
pipeline to the Unlock-ADAccount cmdlet to unlock the account. Similarly, you can use Get-ADUser and Get-ADComputer to get objects to pass through the pipeline.


For AD LDS environments, the Partition parameter must be specified except when:

-- Using a DN to identify objects: the partition will be auto-generated from the DN.
-- Running cmdlets from an Active Directory provider drive: the current path will be used to set the partition.
-- A default naming context or partition is specified.


To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object
(nTDSDSA) for the AD LDS instance.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/p/?linkid=291136
Clear-ADAccountExpiration
Disable-ADAccount
Enable-ADAccount
Get-ADAccountAuthorizationGroup
Search-ADAccount
Set-ADAccountControl
Set-ADAccountExpiration
Set-ADAccountPassword

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

PS C:\>Unlock-ADAccount -Identity KimAb



This command unlocks the account with SamAccountName KimAb.




-------------------------- EXAMPLE 2 --------------------------

PS C:\>Unlock-ADAccount -Identity "CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"



This command unlocks the account with DistinguishedName CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM.