I have a VB script that unlocks an AD account when run; this is the relevant part:

...
If objUser.Isaccountlocked = True Then 
    objUser.IsAccountLocked = False 
    objUser.SetInfo 
End If 
...

It all works, but it does not create an event in the AD Event log.

Of course, unlocking the account "by hand" in "AD Users and Computers" creates a 4767 event ("A user account was unlocked.").

Does unlocking by script create some other event ID? Or really nothing at all?

Thank you very much.

1 Answer

Event 4767 is added by AD Users and Computers, not by the domain, and is recorded even if the account wasn't locked in the first place.

Editing AD data directly, as you are doing in your script, doesn't generate these audit event log entries.

You can either log the entry in your script or, I suggest, find some other way to do what you're doing.

Ashigore
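The first option in the answer above (logging from the script itself), as an added example that is not part of the original question or answer: it wraps the question's unlock in error handling and writes an entry with the `LogEvent` method of `WScript.Shell`, recording who ran the script, the target account and the outcome. The distinguished name is a placeholder and the message wording is an assumption; `LogEvent` writes to the Application log with source WSH, not to the Security log.

```vbscript
Option Explicit

' Event types accepted by WshShell.LogEvent
Const EVT_SUCCESS = 0
Const EVT_ERROR = 1
Const EVT_INFORMATION = 4

' Assumption: placeholder DN, replace with the account the script handles
Const USER_DN = "CN=Example User,OU=Staff,DC=example,DC=com"

Dim objShell, objNet, objUser, strOperator, blnWasLocked

Set objShell = CreateObject("WScript.Shell")
Set objNet = CreateObject("WScript.Network")

' Record the identity the script runs under, so the entry is attributable
strOperator = objNet.UserDomain & "\" & objNet.UserName

On Error Resume Next

Set objUser = GetObject("LDAP://" & USER_DN)
If Err.Number <> 0 Then
    objShell.LogEvent EVT_ERROR, "Unlock script: bind to " & USER_DN & _
        " failed for " & strOperator & " (0x" & Hex(Err.Number) & ")"
    WScript.Quit 1
End If

' Read the state into a variable first: under On Error Resume Next a
' failing If condition would fall through into the Then branch
blnWasLocked = objUser.IsAccountLocked
If Err.Number = 0 And blnWasLocked Then
    objUser.IsAccountLocked = False
    objUser.SetInfo
End If

If Err.Number <> 0 Then
    objShell.LogEvent EVT_ERROR, "Unlock script: unlock of " & USER_DN & _
        " by " & strOperator & " failed (0x" & Hex(Err.Number) & ")"
    WScript.Quit 1
ElseIf blnWasLocked Then
    objShell.LogEvent EVT_SUCCESS, "Unlock script: " & USER_DN & _
        " unlocked by " & strOperator
Else
    objShell.LogEvent EVT_INFORMATION, "Unlock script: " & USER_DN & _
        " was not locked; no change made (run by " & strOperator & ")"
End If
```

The entry lands in the event log of the machine that runs the script, so collect or forward that log if the audit trail has to sit alongside the domain controllers' records.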