PowerShell Logo Small

Unlock-ADAccount



This is the built-in help made by Microsoft for the command 'Unlock-ADAccount', in PowerShell version 3 - as retrieved from Windows version 'Microsoft Windows Server 2012 Standard' PowerShell help files on 2016-06-23.

For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.

SYNOPSIS

Unlocks an Active Directory account.

SYNTAX


Unlock-ADAccount [-Identity] <ADAccount> [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Partition <String>] [-PassThru
[<SwitchParameter>]] [-Server <String>] [-Confirm [<SwitchParameter>]] [-WhatIf [<SwitchParameter>]] [<CommonParameters>]



Search powershellhelp.space

DESCRIPTION


The Unlock-ADAccount cmdlet restores Active Directory Domain Services (AD DS) access for an account that is locked. AD DS access is suspended
or locked for an account when the number of incorrect password entries exceeds the maximum number allowed by the account password policy.


The Identity parameter specifies the Active Directory account to unlock. You can identify an account by its distinguished name (DN), GUID,
security identifier (SID) or Security Accounts Manager (SAM) account name. You can also set the Identity parameter to an account object
variable such as $<localADAccountObject>, or you can pass an object through the pipeline to the Identity parameter. For example, you can use
the Search-ADAccount cmdlet to get an account object and then pass the object through the pipeline to the Unlock-ADAccount cmdlet to unlock
the account. Similarly, you can use Get-ADUser and Get-ADComputer to get objects to pass through the pipeline.


For AD LDS environments, the Partition parameter must be specified except when: - Using a DN to identify objects: the partition will be
auto-generated from the DN. - Running cmdlets from an Active Directory provider drive: the current path will be used to set the partition.
- A default naming context or partition is specified.


To specify a default naming context for an AD LDS environment, set the msDS-defaultNamingContext property of the Active Directory directory
service agent (DSA) object (nTDSDSA) for the AD LDS instance.



<

RELATED LINKS

Online Version: http://go.microsoft.com/fwlink/?LinkID=219360
Clear-ADAccountExpiration
Disable-ADAccount
Enable-ADAccount
Get-ADAccountAuthorizationGroup
Search-ADAccount
Set-ADAccountControl
Set-ADAccountExpiration
Set-ADAccountPassword

REMARKS

<

Examples


-------------------------- EXAMPLE 1 --------------------------

C:\PS>Unlock-ADAccount -Identity KimAb



Description

-----------

Unlocks the account with SamAccountName: KimAb.




-------------------------- EXAMPLE 2 --------------------------

C:\PS>Unlock-ADAccount -Identity "CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"



Description

-----------

Unlocks the account with DistinguishedName: "CN=Kim Abercrombie,OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM".