This article explains the various ways to unlock Active Directory user accounts using PowerShell. You can report on and unlock a single account or all accounts. You will need to either run PowerShell on a domain controller or have the RSAT tools installed on a Windows 10 or 11 machine or a management server for this to work.
Find Locked AD User Accounts
Run the Search-ADAccount command with the LockedOut switch to report on the AD accounts that are currently locked out in your domain.
Search-ADAccount -LockedOut
Once you have a list of user accounts that are in a locked state, you can either unlock the account of your choice or all of them in one go.
How To Unlock A Single AD Account
Use the Unlock-ADAccount command with the ‘identity’ parameter to unlock a single account.
Unlock-ADAccount -identity 'username'
You can also use the ‘confirm’ switch to be prompted to check the user details before you unlock the account. The prompt will list the distinguished name of the account which will give you more details.
Unlock-ADAccount -identity 'username' -confirm

Run the command below to confirm that the account has been unlocked. Here cloudiffic is the example account name; LockedOut should show False.
Get-ADUser cloudiffic -Properties * | Select-Object LockedOut
How To Unlock Multiple AD Accounts
You can use the Search-ADAccount command and pipe it to Unlock-ADAccount if you want to unlock all the accounts in one go.
Search-ADAccount -LockedOut | Unlock-ADAccount

How To Unlock Only Enabled AD Accounts
You may not want to unlock all locked-out accounts, especially if they are also disabled. Accounts are disabled for a reason, so there is no reason to unlock them.
Run the command below if you want to unlock only accounts that are in an enabled state.
Search-ADAccount -LockedOut | Where-Object {$_.Enabled -eq $true} | Unlock-ADAccount
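The report, filter and unlock steps from the sections above combined into one script. This is an added example, not code from the original article. The function name Unlock-EnabledLockedAccount, its SearchBase and LogPath parameters and the CSV log are assumptions made for illustration. It goes beyond the one-liners by recording when each account locked and its bad-password count, so repeated lockouts can be reviewed before they are cleared.

```powershell
# Added example (not from the original article).
# Requires the ActiveDirectory module (RSAT or a domain controller).
Import-Module ActiveDirectory

function Unlock-EnabledLockedAccount {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'Medium')]
    param(
        # Optional: limit the search to one OU (distinguished name).
        [string]$SearchBase,
        # Assumed location for the record of what was reviewed and unlocked.
        [string]$LogPath = (Join-Path $env:TEMP 'unlocked-accounts.csv')
    )

    $searchArgs = @{ LockedOut = $true; UsersOnly = $true }
    if ($SearchBase) { $searchArgs.SearchBase = $SearchBase }

    $results = foreach ($account in Search-ADAccount @searchArgs) {
        # Fetch the lockout details that Search-ADAccount does not return.
        $user = Get-ADUser -Identity $account.DistinguishedName `
            -Properties AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt

        if (-not $user.Enabled) {
            $action = 'Skipped (disabled)'
        }
        elseif ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Unlock account')) {
            Unlock-ADAccount -Identity $user.DistinguishedName -Confirm:$false
            $action = 'Unlocked'
        }
        else {
            $action = 'Not unlocked (WhatIf or declined)'
        }

        [pscustomobject]@{
            SamAccountName         = $user.SamAccountName
            Enabled                = $user.Enabled
            AccountLockoutTime     = $user.AccountLockoutTime
            BadLogonCount          = $user.BadLogonCount
            LastBadPasswordAttempt = $user.LastBadPasswordAttempt
            Action                 = $action
            ReviewedAt             = Get-Date
        }
    }

    # Keep a running record, then return the objects for on-screen review.
    $results | Export-Csv -Path $LogPath -NoTypeInformation -Append
    $results
}

# Dry run first: lists what would be unlocked without changing anything.
Unlock-EnabledLockedAccount -WhatIf | Format-Table -AutoSize
```

Run it again without -WhatIf to perform the unlock, or with -Confirm to be prompted per account as in the single-account section.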
Please do let me know if you want help with covering any other scenario to unlock the accounts.