Fix Locked Active Directory Account on MacOS

If you ever get the “Your Account is Locked” message in MacOS with an AD user account, these steps solved the issue for me. You’ll need access to the admin account and the locked user’s account credentials.

• Log in as computer admin
• Rename the user’s profile so we can restore from it later bash sudo mv /Users/username /Users/usernameX
  • You may need to grant Terminal permissions for this. Navigate to System Preferences > Security & Privacy. Under the “Full Disk Access” settings you’ll check the box to allow Terminal.
• Delete the user account from System Preferences > Users & Groups
• Manually create a new mobile account for the user bash sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n username
• Ensure that the Directory Services Cache has the user account bash sudo dscacheutil -q user -a name username
• Stop the trust account password from changing bash sudo dsconfigad -passinterval 0
• Log in as the new user to create their mobile account
  • Login
  • Enter the username
  • Password
  • Enter the user’s password
• Remove the new user home directory bash sudo mv /Users/username /Users/username_Del
• Restore the old user home directory bash sudo mv /Users/usernameX /Users/username
• Restart the computer

You should now be able to log in as the Active Directory user.

Credit to this helpful user on the Apple forums.