Active Directory Query: list locked user accounts

Are you looking for a quick and easy way to find all locked user accounts?

You can reach this goal with an Active Directory Query. Just follow this short step-by-step guide:

Active Directory Query: list locked user accounts

  • connect to a Domain Controller
  • open Active Directory Users & Computers
  • right-click “Saved Queries” -> New -> Query
  • provide a name for your query

Query locked user accounts active directory

  • select “Define Query…”
  • change to “Advanced” and enter the following LDAP query:

(&(&(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))))

Query find all locked user accounts in active directory

  • press OK and close the “Edit Query” window

All locked users should now be listed in the right window!

Leave a Comment

Your email address will not be published. Required fields are marked *