Automatically unlocking a service account in Active Directory

24 Nov 2013

Yes, crazy that this can happen. But sometimes you just have to live by other people’s (.i.e the sysadmin’s) rules. 

Here’s some VBScript on making sure a service account stays unlocked.  You can schedule it to run periodically.  The account it’s run as needs permission to unlock the service account, obviously.

  1.  
  2. Set objUser = GetObject(“LDAP://CN=user1, CN=Users, DC=dc1 DC=contoso, DC=com”)
  3.  
  4. If IsLockedOut(objUser) Then
  5. objUser.Put “lockouttime”,0
  6. objUser.SetInfo
  7. wscript.echo Date() & “ ” & Time() &- user has been unlocked -& objUser.sAMAccountName
  8. End If
  9.  
  10. Function IsLockedOut(objUser)
  11. on Error resume next
  12. Set objLockout = objUser.get(“lockouttime”)
  13. if Err.Number = E_ADS_PROPERTY_NOT_FOUND then
  14. IsLockedOut = False
  15. Exit Function
  16. End If
  17. On Error GoTo 0
  18. if objLockout.lowpart = 0 And objLockout.highpart = 0 Then
  19. IsLockedOut = False
  20. Else
  21. IsLockedOut = True
  22. End If
  23. End Function

 

Add new comment

The content of this field is kept private and will not be shown publicly.

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.

Get a quote in 24h

Wether a huge commerce system, or a small business website, we will quote the project within 24h of you pressing the following button: Get quote