Set User Status in AD

I am new to creating RPA’s and I am currently trying to use a bot to unlock user accounts in AD. The bot runs with no errors but does not unlock the account. Am I mistaken in thinking that “Set User Status” does not unlock/change the status of the account? I have rights to unlock the account and I am using credentials for that purpose. See screenshots below.

SetUserStatus Remains Unchanged

As can be seen from the images (output) we check the user status both before and after the Set User Status and the account remains in a locked state. Thanks for your help in advance.

1 Like

Did you check the user in the AD manually to see if it didnt really change the status? maybe is just a cache issue…

Yes I visually checked in AD to see if account unlocked but it is still showing locked.

Do you have a simple AD environment or complicated one that could take some time to sync and show changes?

The environment is not very large and I gave it a week to see if maybe there was some delay. In my mind it shouldn’t take more than 24 hours and even that seems like a long time. From previous experience it usually only takes about 15 minutes to register the change on this network.

Oh ok, if you have experience with it, can you try doing this change using the Invoke Code activity just to see if that AD package may have some bugs? Also i assume you are sure you are using the latest version of this package.

I haven’t used that before but will give it a shot after I look it up to see how it works. LOL

The code inside it should look somewhat like this one:

Dim RootDSE As New DirectoryServices.DirectoryEntry(“LDAP://RootDSE”)
Dim DomainDN As String = RootDSE.Properties(“DefaultNamingContext”).Value
Dim ADEntry As New DirectoryServices.DirectoryEntry(“LDAP://” & DomainDN)
Dim ADSearch As New System.DirectoryServices.DirectorySearcher(ADEntry)

    Dim ADSearchResult As System.DirectoryServices.SearchResult
    ADSearch.Filter = ("(samAccountName=" & UserID & ")")
    ADSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree
    Dim UserFound As System.DirectoryServices.SearchResult = ADSearch.FindOne()
    If Not IsNothing(UserFound) Then

        Dim Attrib As String = "msDS-User-Account-Control-Computed"
        Dim User As System.DirectoryServices.DirectoryEntry
        User = UserFound.GetDirectoryEntry()
        User.RefreshCache(New String() {Attrib})
        Const UF_LOCKOUT As Integer = &H10
        Dim Flags As Integer = CInt(Fix(User.Properties(Attrib).Value))

        If Convert.ToBoolean(Flags And UF_LOCKOUT) Then
            Console.WriteLine("Account is locked out")
            'Unlock account
            User.Properties("LockOutTime").Value = 0
            User.CommitChanges()
            Console.WriteLine("Account is now unlocked")
        Else
            Console.WriteLine("Account is not locked out")
        End If
    End If

Thank you!