以下为批量解锁帐号的脚本, 其中有删选条件 大家可以自行更改.
 
'==================================================================================================================
'Creat by Xu Rui, for unlock company's AD accounts batch.
'==================================================================================================================
 
 
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
 
Set oWshShell = WScript.CreateObject("WScript.Shell")
strCurrentDir = oWshShell.CurrentDirectory
strOutputFile = strCurrentDir&"\"&"UserUnlock_"&Year(Now)&Month(Now)&Day(Now)&Hour(Now)&Minute(Now)&Second(Now)&".csv"
 
strHead = "CN,Result"
 
Set objFSO = CreateObject("Scripting.FileSystemObject")
WriteFile strOutputFile,strHead
 
dim strBaseDN, strDNSDomain, oRootDSE
Set oRootDSE = GetObject("LDAP://rootDSE")
strBaseDN = "LDAP://" & oRootDSE.Get("defaultNamingContext")
 
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
 
 
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
 
objCommand.CommandText = _
"SELECT distinguishedName FROM '"& strBaseDN & "' where objectCategory='User'"
 
Set objRecordSet = objCommand.Execute
 
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
strcn = ""
strResult = ""
 
strDN = objRecordSet.Fields("distinguishedName").Value
Set objUser = GetObject("LDAP://" & strDN)
strcn = objUser.Get("cn")
If isAccountLocked(objUser) and len(strcn)=9 and  (Left(strcn,1)="3" or Left(strcn,1)="7" or Left(strcn,1)="8") THEN '删选条件请自行更改
'MsgBox strcn
objuser.put "lockoutTime", 0
objUser.setinfo
strError = Err.Number
Err.Clear
'MsgBox strError
If strError<>0 Then
strResult = "Failed"
Else
strResult = "Unlock"
End If
 
'MsgBox strcn&","&strResult
WriteFile  strOutputFile,strcn&","&strResult
End If
objRecordSet.MoveNext
Loop
 
objConnection.Close
 
'MsgBox "Finished"
 
'==========================================================================
FUNCTION IsAccountLocked(BYVAL objUserfunc)
     ON ERROR RESUME NEXT
SET objLockout = objUserfunc.GET("lockouttime")
 
IF err.number = -2147463155 THEN
isAccountLocked = FALSE
EXIT FUNCTION
END IF
ON ERROR GOTO 0
IF objLockout.lowpart = 0 AND objLockout.highpart = 0 THEN
isAccountLocked = FALSE
ELSE
isAccountLocked = TRUE
END IF
 
END FUNCTION
'==========================================================================
Function WriteFile(FilePath,strBody)
If objFSO.FileExists(FilePath)=false then objFSO.CreateTextFile(FilePath)
Set objOutPutFile = objFSO.OpenTextFile(FilePath, 8)
objOutPutFile.WriteLine strBody
objOutPutFile.Close
Set objOutPutFile = nothing
End Function
 
 
 
PS:查询所有锁定帐号可在dsa.msc中使用如下query, 拷贝存成.xml文件.
 

<QUERY><NAME>All Locked Users</NAME><DESCRIPTION></DESCRIPTION><DN></DN><FILTERLASTLOGON>-1</FILTERLASTLOGON><LDAPQUERY>(&amp;((objectclass=user)(lockouttime&gt;=1)))</LDAPQUERY><ONELEVEL>FALSE</ONELEVEL><COLUMNID>{057DD380-8A7E-4BD9-9B84-1C4532231C3B}</COLUMNID><DSQUERYUIDATA>030000000c00000043006f006d006d006f006e00510075006500720079000000020000000308000000480061006e0064006c00650072000000100000005ee6238ac231d011891c00a024ab2dbb030500000046006f0072006d00000010000000e33fee83d957d011b93200a024ab2dbb080000004400730051007500650072007900000002000000010900000056006900650077004d006f0064006500000004130000010d00000045006e00610062006c006500460069006c00740065007200000000000000170000004d006900630072006f0073006f00660074002e00500072006f0070006500720074007900570065006c006c0000000200000001060000004900740065006d007300000000000000020c0000005100750065007200790053007400720069006e006700000025000000280028006f0062006a0065006300740063006c006100730073003d007500730065007200290028006c006f0063006b006f0075007400740069006d0065003e003d003100290029000000</DSQUERYUIDATA></QUERY>