User account lockouts are one of the most common issues system administrators handle on a day-to-day basis. Windows PowerShell can be used to obtain a user's account lockout events, but it is a tedious process. With third-party tools like ADAudit Plus, it is possible to get comprehensive reports in a jiffy. The following is a comparison between obtaining an AD user's account lockout history report with Windows PowerShell and with ADAudit Plus:
    Import-Module ActiveDirectory
    $ErrorActionPreference = "SilentlyContinue"
    Clear-Host
    $User = Read-Host -Prompt "Please enter a user name"

    # Locate the PDC
    $PDC = (Get-ADDomainController -Discover -Service PrimaryDC).Name

    # Locate all DCs
    $DCs = (Get-ADDomainController -Filter *).Name

    # The event IDs are parenthesised so the time filter applies to all of them
    # (XPath "and" binds tighter than "or"). 3600000 ms = the last hour.
    $Filter = "*[System[(EventID=4740 or EventID=4625 or EventID=4770 or EventID=4771) and TimeCreated[timediff(@SystemTime) <= 3600000]] and EventData[Data[@Name='TargetUserName']='$User']]"

    foreach ($DC in $DCs) {
        Write-Host -ForegroundColor Green "Checking events on $DC for User: $User"
        if ($DC -eq $PDC) {
            Write-Host -ForegroundColor Green "$DC is the PDC"
        }
        # The positional fields match the 4740 layout (user name, caller computer);
        # other event IDs order their fields differently, so Id is shown alongside.
        Get-WinEvent -ComputerName $DC -LogName Security -FilterXPath $Filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, Id,
                @{Name='User Name';Expression={$_.Properties[0].Value}},
                @{Name='Source Host';Expression={$_.Properties[1].Value}}
    }
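Reading the event fields by name instead of by position, so that the source host is correct for each event ID the script queries (an added example, not part of the original page or of ADAudit Plus). The event XML is constructed sample data, and `ConvertTo-LockoutRecord` is a hypothetical helper; with live data, pass it each event's `ToXml()` output from `Get-WinEvent`.

```powershell
# Constructed sample events, shaped like the XML returned by an event's ToXml() method.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$sampleEvents = @(
    "<Event xmlns='$ns'><System><EventID>4771</EventID><TimeCreated SystemTime='2024-01-01T10:01:00Z'/></System><EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='Status'>0x18</Data><Data Name='IpAddress'>::ffff:10.0.0.25</Data></EventData></Event>",
    "<Event xmlns='$ns'><System><EventID>4625</EventID><TimeCreated SystemTime='2024-01-01T10:02:00Z'/></System><EventData><Data Name='SubjectUserSid'>S-1-0-0</Data><Data Name='TargetUserName'>jdoe</Data><Data Name='WorkstationName'>WKSTN-07</Data><Data Name='IpAddress'>10.0.0.25</Data></EventData></Event>",
    "<Event xmlns='$ns'><System><EventID>4740</EventID><TimeCreated SystemTime='2024-01-01T10:03:00Z'/></System><EventData><Data Name='TargetUserName'>jdoe</Data><Data Name='TargetDomainName'>WKSTN-07</Data></EventData></Event>"
)

function ConvertTo-LockoutRecord {
    param([Parameter(Mandatory)][string]$EventXml)

    $evt  = ([xml]$EventXml).Event
    $data = @{}
    # Index every <Data Name="..."> element by its Name attribute.
    foreach ($d in $evt.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }

    $id = [int]$evt.System['EventID'].InnerText
    # Each event ID records the originating machine in a different field.
    $source = switch ($id) {
        4740    { $data['TargetDomainName'] }   # holds the caller computer name in 4740
        4625    { if ($data['WorkstationName']) { $data['WorkstationName'] } else { $data['IpAddress'] } }
        4771    { $data['IpAddress'] -replace '^::ffff:', '' }   # strip IPv4-mapped prefix
        default { $null }
    }

    [pscustomobject]@{
        TimeCreated = [datetime]::Parse($evt.System.TimeCreated.SystemTime).ToUniversalTime()
        EventId     = $id
        UserName    = $data['TargetUserName']
        SourceHost  = $source
    }
}

$records = $sampleEvents | ForEach-Object { ConvertTo-LockoutRecord -EventXml $_ }

# Timeline of failures leading up to the lockout (4740).
$records | Sort-Object TimeCreated | Format-Table -AutoSize

# Failed attempts per source, to identify the machine causing the lockout.
$records | Where-Object EventId -ne 4740 |
    Group-Object SourceHost | Select-Object Count, Name
```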
The following are the limitations of obtaining an account lockout history report using native tools like Windows PowerShell:
ADAudit Plus will generate the report by automatically scanning all DCs in the domain to retrieve the account lockout history of the users in a simple and intuitively designed UI.