Skip navigation
Menu
Compute Engines

JSI Tip 8549. How can I report all locked accounts?


Using DSQUERY from the Active Directory command-line tools, I have scripted AccountLocked.bat to report all user accounts that are currently locked.

The syntax for using AccountLocked.bat is:

AccountLocked

AccountLocked.bat interrogates the userAccountControl attribute by calling userAccountControl.bat, which must be in a folder that is in your PATH.

The output is displayed on the console, using the following format:

UserName UserDistinguishedName

AccountLocked.bat contains:

@echo off
setlocal
set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User))" -attr userAccountControl sAMAccountName distinguishedName -limit 0
for /f "Skip=1 Tokens=1,2*" %%a in ('%qry%') do (
 call :testit %%b "%%c" %%a
)
endlocal
goto :EOF
:testit
if "%3" EQU 0 goto :EOF
set user=%1
set dn=%2
call userAccountControl %3 string
set locked=N
for /f "Tokens=*" %%L in ('@echo %string%^|FIND "LOCKOUT"') do (
 set locked=Y
)
if "%locked%" EQU "N" goto :EOF
set dn=%dn:  =%
set dn=%dn: "="%
@echo %user% %dn%



Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish
Recommended Reading
empty cockpit of autonomous car
What Is a Real-Time Operating System, and Who Needs One?
Mar 05, 2024
ERP button on keyboard
5 ERP Trends to Watch in 2024
Jan 17, 2024
automation key on keyboard
Storage Management as a Case Study for Network Automation Adoption
Dec 21, 2023
Abstract technology concept lighting effect on dark blue background
Top 10 Stories About Compute Engines, Linux in 2023
Dec 18, 2023