Simple way to check if an AD account is locked

I use a lot of service accounts when I develop an application (for DB access, web service access, external api access).

Sometimes (with multiple hands in a project) a service account can become locked.  So a co-worker pointed me to a command to run on the command line to check if an account is locked.  It’s much easier then getting the AD tools installed or even waiting for them to startup (like if you have a big forest).

Just type this command and you will get a bunch of info about the account (like what groups they are in).  The account active will let you know if it locked or not.
Be aware that domain admins can lock this info down so you may not find out if the account is locked out or now.

net user /domain <username>


Where can I find Active Directory Tools

In order to get the option to manage users, computers, etc in AD you need to have the AD tools installed.
This is a 2 step process.

The first step is you need to install the Remote Server Administration Tools for Windows 7 with SP 1.

The second step is to enable the AD tools in control.
From the control panel, click Programs and Features.
Select Turn Windows Features on or off (on the left side)

Under Remote Server Administration Tools –> Role Administration Tools, select AD DS and AD LDS Tools.
Select the Active Directory Administrative Center.
Click Ok.


Now under the Start menu –> Administrative Tools you will find your AD tools