Create Service Account
⏱️5 minutes
Create the service account that the AD Unlock connector will use to communicate with Active Directory.
Steps
1. Create the Account
Run this PowerShell script on your Domain Controller:
```powershell
# Create AD Unlock service account
$password = Read-Host -Prompt "Enter password for svc_adunlock" -AsSecureString
New-ADUser `
    -Name "AD Unlock Service" `
    -SamAccountName "svc_adunlock" `
    -UserPrincipalName "svc_adunlock@$((Get-ADDomain).DNSRoot)" `
    -Description "Service account for AD Unlock connector" `
    -AccountPassword $password `
    -PasswordNeverExpires $true `
    -CannotChangePassword $true `
    -Enabled $true
Write-Host "Service account created: svc_adunlock" -ForegroundColor Green
```
Use a strong password (20+ characters). You’ll need this password when configuring the connector.
2. Verify Account Created
```powershell
Get-ADUser -Identity svc_adunlock -Properties Description, PasswordNeverExpires
# Expected output:
# DistinguishedName    : CN=AD Unlock Service,CN=Users,DC=company,DC=local
# Enabled              : True
# Name                 : AD Unlock Service
# PasswordNeverExpires : True
# SamAccountName       : svc_adunlock
```
✅ Expected Result
Account shows:
- Enabled: True
- PasswordNeverExpires: True
- SamAccountName: svc_adunlock
Account Settings Explained
| Setting | Value | Reason |
|---|---|---|
| PasswordNeverExpires | True | Prevents service interruption |
| CannotChangePassword | True | Account managed by IT only |
| No group memberships | Domain Users only | Least privilege |
| Description | Set | Easy to identify |
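
The following check is an added example, not part of the AD Unlock documentation: it audits `svc_adunlock` against each row of the table above and flags any drift, such as a group membership added later. The function name `Test-AdUnlockServiceAccount` is hypothetical; the script assumes the ActiveDirectory module is available and that Domain Users has its default RID of 513.

```powershell
Import-Module ActiveDirectory

function Test-AdUnlockServiceAccount {
    [CmdletBinding()]
    param([string]$Identity = 'svc_adunlock')

    $props = 'Description', 'PasswordNeverExpires', 'CannotChangePassword',
             'MemberOf', 'primaryGroupID'
    $u = Get-ADUser -Identity $Identity -Properties $props -ErrorAction Stop

    # The primary group (Domain Users) is stored in primaryGroupID and never
    # appears in MemberOf, so any MemberOf entry is an extra membership.
    $extraGroups = @($u.MemberOf)

    @(
        [pscustomobject]@{
            Setting = 'Enabled'
            Actual  = $u.Enabled
            Pass    = ($u.Enabled -eq $true)
        }
        [pscustomobject]@{
            Setting = 'PasswordNeverExpires'
            Actual  = $u.PasswordNeverExpires
            Pass    = ($u.PasswordNeverExpires -eq $true)
        }
        [pscustomobject]@{
            Setting = 'CannotChangePassword'
            Actual  = $u.CannotChangePassword
            Pass    = ($u.CannotChangePassword -eq $true)
        }
        [pscustomobject]@{
            Setting = 'Group memberships (Domain Users only)'
            Actual  = if ($extraGroups.Count) { $extraGroups -join '; ' } else { 'none beyond primary group' }
            Pass    = ($extraGroups.Count -eq 0 -and $u.primaryGroupID -eq 513)
        }
        [pscustomobject]@{
            Setting = 'Description'
            Actual  = $u.Description
            Pass    = (-not [string]::IsNullOrWhiteSpace($u.Description))
        }
    )
}

$report = Test-AdUnlockServiceAccount
$report | Format-Table -AutoSize -Wrap
if ($report.Pass -contains $false) {
    Write-Warning 'svc_adunlock does not match the documented account settings.'
}
```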
Alternative: Create via GUI
If you prefer Active Directory Users and Computers:
- Open Active Directory Users and Computers
- Right-click Users container → New → User
- Fill in:
  - First name: AD Unlock
  - Last name: Service
  - User logon name: svc_adunlock
- Set password
- Check Password never expires
- Finish
🔧If Something Goes Wrong
| Symptom | Cause | Solution |
|---|---|---|
| Account creation fails | Insufficient permissions | Run as Domain Admin or Account Operator |
| UPN already exists | Duplicate account | Check if svc_adunlock already exists |