Hi, How do I grant a spesific user to unlock user account without making them domain admins or other administrative privilege on domain? Currently our client using windows XP, and Domain Using Windows Server 2003. Already try to do th http://support.microsoft.com/kb/279723 and http://support.microsoft.com/kb/294952. But still no luck. When i try to unlock a user account using this commad net user guruhs1 /domain /active:yes it say "System Error 5 has occured. Access is denied"G

On Wed, 20 Apr 2011 06:26:31 +0000, Softholic wrote: How do I grant a spesific user to unlock user account without making them domain admins or other administrative privilege on domain? Currently our client using windows XP, and Domain Using Windows Server 2003. Already try to do th http://support.microsoft.com/kb/279723 and http://support.microsoft.com/kb/294952. But still no luck. When i try to unlock a user account using this commad net user guruhs1 /domain /active:yes it say "System Error 5 has occured. Access is denied" The /active switch for net user toggles between an account being disabled or enabled, which is not the same thing as an account being locked. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca %Network: The occupation of a fisherman.

Hi Paul, Can you show me the script/code or explain me how to unlock user account from a spesific user I granted?G

Hi, It works Now. I am using this script to unlock user account. username=inputbox("Enter username:") if username = "" then wscript.quit ldapPath = FindUser(username) if ldapPath = "Not Found" then wscript.echo "User not found!" else set objUser = getobject(ldapPath) if isAccountLocked(objUser) then objuser.put "lockoutTime", 0 objUser.setinfo wscript.echo "Account Unlocked" else wscript.echo "This account is not locked out" end if end if Function FindUser(Byval UserName) on error resume next set objRoot = getobject("LDAP://RootDSE") domainName = objRoot.get("defaultNamingContext") set cn = createobject("ADODB.Connection") set cmd = createobject("ADODB.Command") set rs = createobject("ADODB.Recordset") cn.open "Provider=ADsDSOObject;" cmd.activeconnection=cn cmd.commandtext="SELECT ADsPath FROM 'LDAP://" & domainName & _ "' WHERE sAMAccountName = '" & UserName & "'" set rs = cmd.execute if err<>0 then wscript.echo "Error connecting to Active Directory Database:" & err.description wscript.quit else if not rs.BOF and not rs.EOF then rs.MoveFirst FindUser = rs(0) else FindUser = "Not Found" end if end if cn.close end function Function IsAccountLocked(byval objUser) on error resume next set objLockout = objUser.get("lockouttime") if err.number = -2147463155 then isAccountLocked = False exit Function end if on error goto 0 if objLockout.lowpart = 0 And objLockout.highpart = 0 Then isAccountLocked = False Else isAccountLocked = True End If End Function Thanks for your advice paul.G

Great sharing.Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.