PowerShell Checking locked user in ActiveDirectory

Question

Do you know if possible and how I can check if a user is locked in ActiveDirectory without installing the ActiveDirectory module? There is a constraint of installing things on a machine and I was wondering if another function can be use for this, different than Get-ADUser. Thank you!

Use the ADSI provider. Not a duplicate but a reference :http://stackoverflow.com/questions/2585205/unlocking-locked-out-accounts-using-powershell-not-with-quest-ad-cmdlets — Matt, Mar 19 '15 at 11:16

score 1 · Answer 1 · answered Mar 19 '15 at 11:24

something like this:

$sAMAccountName = "testuser"
$ADS_UF_LOCKOUT = 16    
$Attribute = "msds-user-account-control-computed"    
$ADSearcher = New-Object System.DirectoryServices.DirectorySearcher
$ADSearcher.PageSize = 1000
$ADSearcher.Filter = "samaccountname=$sAMAccountName"
$User = $ADSearcher.FindOne()    
$MyUser = $User.GetDirectoryEntry()
$MyUser.RefreshCache($Attribute)    
$UserAccountFlag = $MyUser.Properties[$Attribute].Value    
if ( $UserAccountFlag -band $ADS_UF_LOCKOUT )
{
Write-host "Account $sAMAccountName is locked"
}
else
{
Write-host "Account $sAMAccountName isn't locked"
}

score 0 · Answer 2 · answered Mar 19 '15 at 11:21

0

Look at dsquery, that is cmd but can be called from Powershell https://technet.microsoft.com/en-us/library/cc732952.aspx

answered Mar 19 '15 at 11:21

Get-Sleep

34
3

Thank you a lot! This works for me on some other issues. – milano.churchill Apr 03 '15 at 12:45

PowerShell Checking locked user in ActiveDirectory

2 Answers2