You can use the following on a domain controller to check the properties of a user account. This account is currently locked out on this Active Directory Domain Controller.Īdministrators can also use PowerShell to query an Active Directory account, and check its status. You will see the following message if an account is locked out: How can administrators check to see if an Active Directory account is locked out? In ADUC, navigate to the properties of the user, then the Account tab.
The Account Lockout Policy deters cybercriminals performing brute force attacks against Active Directory accounts, but this feature can cause a huge headache on a sysadmin and the IT team when an impatient end-user is looking for a workaround.īelow is an example of what an end-user sees when they’re in the ALP lockout purgatory. Once the account is locked out, it cannot be used (even with the correct password) until the account lockout duration has passed or until an administrator manually unlocks the account. The Account Lockout Policy in Active Directory Group Policy sets the number of failed sign-in attempts before a user account is locked out.
How to check if an AD account is locked out