In ADAC and the Unlock-ADAccount cmdlet, a different method to unlock a user account is implemented. This issue occurs because the user account does not have the write access to the UserAccountControl attribute. Note This issue does not occur when you use the Active Directory Users and Computers (ADUC) Microsoft Management Console (MMC) snap-in to unlock a user account. Insufficient access rights to perform the operation. Additionally, you receive the following error message:įailed to unlock user account. In this scenario, the account-unlocking operation fails.
Use the Unlock-ADAccount cmdlet at a Windows PowerShell prompt. Use Active Directory Administrative Center (ADAC). You try to unlock a user account by performing one of the following methods: You use the user account to log on the domain from the client computer or a Windows Server 2008 R2-based domain controller.
Remote Server Administration Tools (RSAT) is installed on a client computer that is running Windows 7 or Windows Server 2008 R2.Ī user account is delegated to be able to unlock user accounts in the domain.For more information about how to delegate the Unlock Account right, click the following article number to view the article in the Microsoft Knowledge Base:Ģ94952 How To Delegate the Unlock Account Right Less SymptomsĬonsider the following scenario in an Active Directory domain environment: Windows Server 2008 R2 Enterprise Windows Server 2008 R2 Standard Windows Server 2008 R2 Datacenter Windows Server 2008 R2 Foundation Windows 7 Enterprise Windows 7 Professional Windows 7 Ultimate More.