Set User Status in AD

Help
, ,
1

I am new to creating RPA’s and I am currently trying to use a bot to unlock user accounts in AD. The bot runs with no errors but does not unlock the account. Am I mistaken in thinking that “Set User Status” does not unlock/change the status of the account? I have rights to unlock the account and I am using credentials for that purpose. See screenshots below.

SetUserStatus Remains Unchanged

SetUserStatus to Unlocked
SetUserStatus to Unlocked901×727 25 KB

As can be seen from the images (output) we check the user status both before and after the Set User Status and the account remains in a locked state. Thanks for your help in advance.

1 Like
2

Did you check the user in the AD manually to see if it didnt really change the status? maybe is just a cache issue…

3

Yes I visually checked in AD to see if account unlocked but it is still showing locked.

4

Do you have a simple AD environment or complicated one that could take some time to sync and show changes?

5

The environment is not very large and I gave it a week to see if maybe there was some delay. In my mind it shouldn’t take more than 24 hours and even that seems like a long time. From previous experience it usually only takes about 15 minutes to register the change on this network.

6

Oh ok, if you have experience with it, can you try doing this change using the Invoke Code activity just to see if that AD package may have some bugs? Also i assume you are sure you are using the latest version of this package.

7

I haven’t used that before but will give it a shot after I look it up to see how it works. LOL

8

The code inside it should look somewhat like this one:

Dim RootDSE As New DirectoryServices.DirectoryEntry(“LDAP://RootDSE”)
Dim DomainDN As String = RootDSE.Properties(“DefaultNamingContext”).Value
Dim ADEntry As New DirectoryServices.DirectoryEntry(“LDAP://” & DomainDN)
Dim ADSearch As New System.DirectoryServices.DirectorySearcher(ADEntry)

    Dim ADSearchResult As System.DirectoryServices.SearchResult
    ADSearch.Filter = ("(samAccountName=" & UserID & ")")
    ADSearch.SearchScope = System.DirectoryServices.SearchScope.Subtree
    Dim UserFound As System.DirectoryServices.SearchResult = ADSearch.FindOne()
    If Not IsNothing(UserFound) Then

        Dim Attrib As String = "msDS-User-Account-Control-Computed"
        Dim User As System.DirectoryServices.DirectoryEntry
        User = UserFound.GetDirectoryEntry()
        User.RefreshCache(New String() {Attrib})
        Const UF_LOCKOUT As Integer = &H10
        Dim Flags As Integer = CInt(Fix(User.Properties(Attrib).Value))

        If Convert.ToBoolean(Flags And UF_LOCKOUT) Then
            Console.WriteLine("Account is locked out")
            'Unlock account
            User.Properties("LockOutTime").Value = 0
            User.CommitChanges()
            Console.WriteLine("Account is now unlocked")
        Else
            Console.WriteLine("Account is not locked out")
        End If
    End If
9

Thank you!

10

Hi @kevin.babbit , did you manage to solve this issue ? we are facing similar issue as well… Can you please share the solution if its resolved

11

as the things progressed also have a look here: