Is there a way to query the domain for "locked out" users using DOS commands or vbscript?

Thanks.

Yes you can do a ldifde command or you can write a script to search for the lockout.

The field your looking for : ISACCOUNTLOCKED

set conn = createobject("ADODB.connection")
conn.provider = "ADsDSOObject"
conn.open "Active Directory Provider"
set rs = conn.execute("Select * from 'LDAP://dc=yourdomain,dc=yourcom,dc=com' where isaccountlocked='True'")

if rs.recordcount <> 0 then
cn = rs.fields(0).value
set onew = getobject(cn)
onew.SetPassword info(2)
onew.AccountDisabled = FALSE
onew.IsAccountLocked = FALSE
onew.lockoutTime = 0
onew.SetInfo
end if

This also Binds to the the user and flips the information back so the account is not disabled and unlocked.

Hope this helps.

Michael McLaughlin/images/forums/icons/smile.gif
Systems Manager
Minnesota State University Mankato