The following script implements unlock functionality.
unlock.js
SCRIPT
//********************************************************************************
// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
// EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
//
// IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
// PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
//*********************************************************************************
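// Converts a JScript value into the array returned by Scripting.Dictionary.Items(),
// which is the form this script passes to ADSI's GetInfoEx as its attribute list.
//
// arr: a JScript Array, a single value (wrapped into a one-element array),
//      or null/undefined.
// Returns null for null/undefined input, otherwise the Items() collection holding
// the elements of arr in index order.
function SafeArray(arr)
{
    // Bail out before creating the COM object; there is nothing to convert.
    if (arr == null) return null;
    // Treat any non-Array value (e.g. a single attribute name) as a one-element list.
    if (typeof arr != 'object' || arr.constructor != Array)
        arr = [arr];
    var d = new ActiveXObject("Scripting.Dictionary");
    for (var i = 0; i < arr.length; i++)
        // Store the i-th element, not the whole array: storing arr itself made every
        // item a nested array instead of the attribute name the caller asked for.
        d.Add(i, arr[i]);
    return d.Items();
}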
// Demo driver for the helpers in this script. The DN is a sample value; replace it
// with the distinguished name of the account to inspect.
var userDn = "CN=manager,CN=Users,DC=adme,DC=com";

// Read-only checks first: current lock state and the recorded lockout time.
var lockedState = IsLock(userDn);
WScript.Echo("Locked: " + lockedState);
var lockedSince = LockDate(userDn);
WScript.Echo("Locked date: " + lockedSince);

// Unlock() writes to the directory object, so the caller needs write access to the
// account's lockoutTime attribute. The echoed value is Unlock's own re-check result.
var unlockResult = Unlock(userDn);
WScript.Echo("Unlock: " + unlockResult);
// Reports whether the account at userDn has a non-zero lockoutTime.
//
// userDn: distinguished name, appended to "LDAP://" to bind the object.
// Returns false when lockoutTime is zero or the attribute is not set
// (ADSI error 0x8000500D), true otherwise. Any other error is rethrown.
//
// NOTE(review): a non-zero lockoutTime only records when the lockout happened. If the
// domain's lockout duration has since expired the account may already be usable again
// while this still returns true - confirm against the lockout policy before relying on
// the result for reporting or alerting.
function /* bool */ IsLock(userDn)
{
    var PROPERTY_NOT_FOUND = 0x8000500D;
    try
    {
        var account = GetObject("LDAP://" + userDn);
        // Refresh only lockoutTime in the property cache before reading it.
        account.GetInfoEx(SafeArray("lockoutTime"), 0);
        var stamp = account.Get("lockouttime");
        // The value is a 64-bit integer split into two 32-bit halves; both zero means unset.
        var isZero = (stamp.lowpart == 0) && (stamp.highpart == 0);
        return !isZero;
    }
    catch(err)
    {
        // err.number is a signed 32-bit value; reinterpret it as unsigned so it can be
        // compared with the hexadecimal error code.
        var code = err.number >>> 0;
        if (code == PROPERTY_NOT_FOUND)
            return false;
        throw err
    }
}
// Clears the lockout on the account at userDn by writing lockoutTime = 0.
//
// userDn: distinguished name, appended to "LDAP://" to bind the object.
// Returns true when a follow-up IsLock() call reports the account as not locked.
// Errors from binding or from SetInfo() (for example insufficient rights on the
// attribute) are not caught here and propagate to the caller.
//
// NOTE(review): this is a directory write on a security-relevant attribute; with
// account-management auditing enabled it would normally leave an "account unlocked"
// event on the domain controller - confirm that such events are collected.
function /* bool */ Unlock(userDn)
{
    var account = GetObject("LDAP://" + userDn);
    // Load lockoutTime into the property cache, overwrite it, then commit.
    var attrs = SafeArray("lockoutTime");
    account.GetInfoEx(attrs, 0);
    account.Put("lockoutTime", 0);
    account.SetInfo();
    // Re-read through IsLock rather than trusting the write blindly.
    var stillLocked = IsLock(userDn);
    return !stillLocked
}
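// Returns the moment the account at userDn was locked out, or null when IsLock()
// reports it as not locked.
//
// userDn: distinguished name, appended to "LDAP://" to bind the object.
// Returns a Date built from the account's lockoutTime value.
//
// lockoutTime is a 64-bit count of 100-nanosecond intervals since 1601-01-01 00:00 UTC,
// delivered as two 32-bit halves (highpart / lowpart).
function /* date | null */ LockDate(userDn)
{
    if (!IsLock(userDn)) return null;
    var user = GetObject("LDAP://" + userDn);
    user.GetInfoEx(SafeArray("lockoutTime"), 0);
    var lctimeLInt = user.Get("lockouttime");
    // Milliseconds from the JavaScript epoch back to 1601-01-01 00:00 UTC, i.e.
    // Date.UTC(1601, 0, 1). The previous constant (-11644484400000) was the result of
    // parsing that date in a UTC+3 local zone, which shifted every result by three
    // hours - enough to misplace a lockout in an incident timeline.
    var sMSec = -11644473600000;
    // The low half can arrive as a signed 32-bit number; ">>> 0" reinterprets it as
    // unsigned so a set top bit does not subtract 2^32 intervals (about 7 minutes).
    var lowPart = lctimeLInt.lowpart >>> 0;
    var vMSec = lctimeLInt.highpart * Math.pow(2, 32); // << 32
    // 10000 intervals of 100 ns make one millisecond.
    vMSec = (vMSec + lowPart) / 10000;
    return (new Date(sMSec + vMSec))
}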
//***** END OF CODE ***************************************************************
lock.bat
//********************************************************************************
// THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND,
// EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE IMPLIED
// WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.
//
// IF YOU WANT THIS FUNCTIONALITY TO BE CONDITIONALLY SUPPORTED,
// PLEASE CONTACT ONE IDENTITY PROFESSIONAL SERVICES.
//*********************************************************************************
//Sample .bat file for locking a user (when a lockout policy locks the user after 3 failed password attempts)
@echo off
rem Test helper: puts the account named in %acc% into the locked-out state so that
rem unlock.js has something to unlock. Intended for a lab/test account.
rem NOTE(review): the "//" banner and footer lines printed around this listing are not
rem batch comment syntax; drop them or turn them into "rem" lines when saving as lock.bat.
set acc=manager
echo Lock account: %acc%
rem Three deliberately failed authentications, matching the 3-attempt lockout policy the
rem sample description assumes. If the domain's lockout threshold is higher, the account
rem stays unlocked after this script finishes.
rem NOTE(review): presumably run where "manager" resolves to the domain account - confirm.
rem With logon auditing enabled, each attempt should show up as a failed-logon event and
rem the lockout itself as an account-lockout event, which is a useful check that lockout
rem monitoring works.
net use \\127.0.0.1 /user:%acc% wrongpassword
net use \\127.0.0.1 /user:%acc% wrongpassword
net use \\127.0.0.1 /user:%acc% wrongpassword
//***** END OF CODE ***************************************************************