unlocking Locked user accounts on Active Directory using Python ldap module

I recently implemented password reset on AD using python ldap module.

This involved passing modified attributes in this manner:

add_pass = [(ldap.MOD_REPLACE, "unicodePwd", )]

This worked since the passwords on AD are stored in attribute "unicodePwd".

开发者_开发知识库

Now I want to unlock a locked user account but I cannot find the attribute that must be changed to achieve the same.

Could you guys please tell me which attribute I have to change?

---

To unlock a user, you need to set the lockoutTime attribute to 0.

---

Have a look to userAccountControl attribute ADS_UF_ACCOUNTDISABLE flag which allow tu unable a disabled account.

----EDITED------

@Brrian Desmond is true to unlock a user, you need to set the lockoutTime attribute to 0.

---

def unlock_account_ad(message):
    c.bind()
    unlock_account = c.extend.microsoft.unlock_account(user='cn=' + message + ', 
                                                 ou=%OU%, dc=%domain%, dc=%DC%')
    c.unbind()