Locate Pervasive Lockouts of AD Accounts

As you work through this VERY USEFUL script, remember to read the notes!

'Get-ADUsers-LockSource.ps1'
# You can use PowerShell to search the Security event log for lockout events. Here's a script that will do this:


# Define the username and the event ID for account lockouts
$userName = "YourUserName" #<-- put the SamAccountName field here
$eventID = 4740

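# Get the most recent lockout event for the user from the Security log on the DC.
# Get-WinEvent returns newest events first; -First 1 keeps a single event so the
# property lookups below are unambiguous. -ErrorAction suppresses the error raised when no 4740 events exist.
$lockoutEvent = Get-WinEvent -ComputerName "ServerName" -FilterHashtable @{Logname='Security'; Id=$eventID} -ErrorAction SilentlyContinue | Where-Object {$_.Properties[0].Value -eq $userName} | Select-Object -First 1 #<-- note the DC is the ComputerName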

# If a lockout event was found, display the details
if ($lockoutEvent) {
    $lockoutSource = $lockoutEvent.Properties[1].Value
    Write-Output "The account $userName was locked out by $lockoutSource."
} else {
    Write-Output "No lockout event found for user $userName."
}

<#
Replace "YourUserName" with the username you're interested in. This script searches the Security event log for event ID 4740, which corresponds to account lockouts. If it finds a lockout event for the specified user, it displays the source of the lockout.
Replace "ServerName" with the Domain Controller the account was last locked out on, like "burwelldc01.burwell.tech". You can find this using the tool LockOutStatus.exe from the Microsoft ALtools.zip.
#>
<#**Disclaimer:** This script is provided as is, without warranty of any kind. Use of this script is at your own risk. Always test scripts in a controlled environment before deploying them in production. The user assumes all risk for any damages whatsoever resulting from loss of use, data, or profits arising in connection with the use or performance of this script. The user must determine whether this script sufficiently meets the user's requirements. This script may not be sold or incorporated into any other software product without express written consent of the author. The author reserves the right to make changes to this script without notice. This script is not a Microsoft or Burwell.tech product and is not endorsed by either. It is provided freely for the benefit of the community. If you use this script, please consider giving credit to the author, who has put a lot of time and effort into its creation.#>
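
When lockouts hit many accounts at once, a per-source summary is often more useful than a single-user lookup. The following is an added example, not part of the original script: it groups recent 4740 events by the caller computer field. It assumes the RSAT ActiveDirectory module is installed, that the lockout events are available in the Security log of the PDC emulator, and a 24-hour look-back window (the variable `$hoursBack` is a name chosen for this example).

```powershell
# Added example: summarize recent account lockouts (event 4740) by source machine.
# Assumptions: ActiveDirectory module available; read access to the Security log
# on the PDC emulator; 24-hour window.
Import-Module ActiveDirectory

$hoursBack = 24
$pdc = (Get-ADDomain).PDCEmulator

$events = Get-WinEvent -ComputerName $pdc -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddHours(-$hoursBack)
} -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Output "No 4740 events found on $pdc in the last $hoursBack hours."
    return
}

# Properties[0] is the locked-out account, Properties[1] is the caller computer,
# the same fields the single-user script reads.
$lockouts = foreach ($e in $events) {
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        User        = $e.Properties[0].Value
        Source      = $e.Properties[1].Value
    }
}

# One row per source: lockout count, affected accounts, and the latest event time.
# The caller computer field can be empty, so label that case instead of hiding it.
$lockouts |
    Group-Object -Property Source |
    Sort-Object -Property Count -Descending |
    Select-Object Count,
        @{ Name = 'Source';   Expression = { if ($_.Name) { $_.Name } else { '(blank)' } } },
        @{ Name = 'Users';    Expression = { ($_.Group.User | Sort-Object -Unique) -join ', ' } },
        @{ Name = 'LastSeen'; Expression = { ($_.Group.TimeCreated | Measure-Object -Maximum).Maximum } } |
    Format-Table -AutoSize -Wrap
```

A single source locking out many different accounts points to a different cause than one account being locked repeatedly from one workstation, so read the Users column alongside the count.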
