
How to generate and export a user account lockout history report

User account lockouts are one of the most common issues that system administrators handle on a day-to-day basis. Windows PowerShell can be used to obtain a user's account lockout events, but it is a tedious process. Third-party tools like ADAudit Plus make it possible to get comprehensive reports in a jiffy. The following is a comparison between obtaining an AD user's account lockout history report with Windows PowerShell and with ADAudit Plus:


Steps to obtain user account lockout history using PowerShell:

  • Identify the domain from which you want to retrieve the report.
  • Identify the LDAP attributes you need to fetch the report.
  • Identify the primary DC to retrieve the report.
  • Compile the script.
  • Execute it in Windows PowerShell.
  • The report will be exported in the given format.
  • To obtain the report in a different format, modify the script according to the user's needs.

Sample Windows PowerShell script

$ErrorActionPreference = "SilentlyContinue"
$User = Read-Host -Prompt "Please enter a user name"
# Locate the PDC
$PDC = (Get-ADDomainController -Discover -Service PrimaryDC).Name
# Locate all DCs
$DCs = (Get-ADDomainController -Filter *).Name
# Events from the last hour (3600000 ms) for the given user. The parentheses group the
# event IDs so that the time filter applies to all of them, not only to 4771.
$Filter = "*[System[(EventID=4740 or EventID=4625 or EventID=4770 or EventID=4771) and TimeCreated[timediff(@SystemTime) <= 3600000]] and EventData[Data[@Name='TargetUserName']='$User']]"
foreach ($DC in $DCs) {
    Write-Host -ForegroundColor Green "Checking events on $DC for User: $User"
    if ($DC -eq $PDC) {
        Write-Host -ForegroundColor Green "$DC is the PDC"
        # Properties[0] and Properties[1] follow the field order of event 4740
        Get-WinEvent -ComputerName $DC -LogName Security -FilterXPath $Filter -ErrorAction SilentlyContinue |
            Select-Object TimeCreated,@{Name='User Name';Expression={$_.Properties[0].Value}},@{Name='Source Host';Expression={$_.Properties[1].Value}}
    }
}

ADAudit Plus

To obtain the report:

  • Log in to the ADAudit Plus web console as an administrator.
  • Navigate to the Reports tab and, from the User Management section in the left pane, select the Account Lockout Analyzer report.
  • Select the domain and click Generate.
  • Select Export As to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).



The following are the limitations of obtaining an account lockout history report using native tools like Windows PowerShell:

  • The script can be executed only from computers that have the Active Directory Domain Services role.
  • It's difficult to change date formats and apply different time zones to the date results.
  • It is difficult to export the report in file formats other than CSV.
  • Applying more filters like OU or 'User name starts with' will increase the LDAP query complexity.
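
The sample script reads event fields by position, but the field order differs between event IDs. The following is an added example (not code from the original page or from ADAudit Plus) that reads the fields by name, normalizes timestamps to UTC and exports to HTML. The function name, the sample events and the output file name are assumptions made for illustration.

```powershell
# Added example (not from the original page): read event fields by name, not position.
function ConvertTo-LockoutRecord {
    param([Parameter(Mandatory)][string]$EventXml)   # what $event.ToXml() returns

    $e = ([xml]$EventXml).Event
    $data = @{}
    foreach ($d in $e.EventData.Data) { $data[$d.GetAttribute('Name')] = $d.InnerText }

    $id = [int]$e.System['EventID'].InnerText
    # The originating machine is stored in a different field for each event ID.
    $source = switch ($id) {
        4740    { $data['TargetDomainName'] }   # holds the caller computer name
        4771    { $data['IpAddress'] }
        4625    { if ($data['WorkstationName']) { $data['WorkstationName'] } else { $data['IpAddress'] } }
        default { $null }
    }
    [pscustomobject]@{
        TimeUtc = ([datetime]$e.System.TimeCreated.SystemTime).ToUniversalTime().ToString('u')
        EventId = $id
        User    = $data['TargetUserName']
        Source  = $source
    }
}

# Constructed sample events (trimmed to the fields used above), so this runs offline.
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$samples = @(
@"
<Event xmlns="$ns"><System><EventID>4740</EventID><TimeCreated SystemTime="2024-01-15T09:30:12.000Z"/></System>
<EventData><Data Name="TargetUserName">jdoe</Data><Data Name="TargetDomainName">WKSTN-017</Data></EventData></Event>
"@,
@"
<Event xmlns="$ns"><System><EventID>4771</EventID><TimeCreated SystemTime="2024-01-15T09:29:58.000Z"/></System>
<EventData><Data Name="TargetUserName">jdoe</Data><Data Name="IpAddress">::ffff:192.0.2.44</Data></EventData></Event>
"@
)

$report = $samples | ForEach-Object { ConvertTo-LockoutRecord -EventXml $_ } | Sort-Object TimeUtc
$report | Format-Table -AutoSize
# Same objects, exported as HTML instead of CSV (written to the current directory).
$report | ConvertTo-Html -Title 'Account lockout history' | Set-Content -Path .\lockout-history.html

# Against a live domain (assumes the ActiveDirectory module and rights to read the Security log):
# Get-WinEvent -ComputerName $PDC -FilterHashtable @{LogName='Security'; Id=4740,4625,4771} |
#     ForEach-Object { ConvertTo-LockoutRecord -EventXml $_.ToXml() }
```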

ADAudit Plus will generate the report by automatically scanning all DCs in the domain to retrieve the account lockout history of the users in a simple and intuitively designed UI.

  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
