Yes, crazy that this can happen. But sometimes you just have to live by other people’s (i.e the sysadmin’s) rules.
Here’s some VBScript on making sure a service account stays unlocked. You can schedule it to run periodically. The account it’s run as needs permission to unlock the service account, obviously.
Set objUser = GetObject(“LDAP://CN=user1, CN=Users, DC=dc1 DC=contoso, DC=com”)
If IsLockedOut(objUser) Then
objUser.Put “lockouttime”,“0”
objUser.SetInfo
wscript.echo Date() & “ ” & Time() &“ - user has been unlocked - ” & objUser.sAMAccountName
End If
Function IsLockedOut(objUser)
on Error resume next
Set objLockout = objUser.get(“lockouttime”)
if Err.Number = E_ADS_PROPERTY_NOT_FOUND then
IsLockedOut = False
Exit Function
End If
On Error GoTo 0
if objLockout.lowpart = 0 And objLockout.highpart = 0 Then
IsLockedOut = False
Else
IsLockedOut = True
End If
End Function
Comments
Good job for sending me in the correct direction.
Excellent post, thanks for sharing.
Add new comment