Tuesday, January 27, 2009

Net User Command for Unlocking the Disabled AD Domain accounts

it has been 6 day since our network was hit by W32.Downadup.B

this is a very NASTY virus it disables all the accounts in Active directory (AD)

It was becoming pain in the neck enablink all 70 accounts one by one from console. the accounts gets disabled even before I reached the halfway mark. it was frustrating. 

then i  remembered that there is a command  to handel AD  related tasks, and with the same we can enable the locked accounts.

so i searched the net and got this command

NET USER Domain\login name /Domain /ACTIVE:YES

but this command was not working... did lot of combinations but still it didnt work... all the resources i could find on the net they were leading to this command only.

Then finally after reading at Microsoft site the detailed help regarding this command i got the solution....

The Correct command is:


eg if user is "ABC" an domain is "mydomain.com"  then the command becomes

NET USER abc /mydomain /ACTIVE:YES

I created a batch file of all the users login name and then had it scheduled to run every 1 minute from 3 servers ( this command can be run from any mahine in domain provided you have administrator equal login rights)

I am still trying to get solution to remove this virus from my Network.. will post my results when ever i am successfull in doing so...

have a nice day.

Outlook SSL Security Alert Certificate Name is Invalid

Our Exchange Certificate expired and we had to renew the SSL. after deploying the new SSL, some users started getting SSL security Alert on...