IISResetMe/Get-ADLockedOutUser.ps1

## Get-ADLockedOutUser.ps1
function Get-ADLockedOutUser {
  [CmdletBinding(DefaultParameterSetName = 'MultiDC')]
  param(
    [Parameter(Mandatory = $false, ParameterSetName = 'MultiDC')]
    [string[]]$DCFilter = @('*'),

    [Parameter(Mandatory = $true, ParameterSetName = 'PDCOnly')]
    [switch]$PDCOnly
  )

  $DCs = Get-ADDomainController -Service PrimaryDC -Discover
  if($PSCmdlet.ParameterSetName -eq 'MultiDC') {
    $DCs = Get-ADDomainController -Filter *|Where-Object {$DC = $_.Name;$DCFilter.Where({$DC -like $_}, 'First')}
  }

  $lockedout = [System.Collections.Generic.HashSet[guid]]::new()
  $DCs.HostName |ForEach-Object{
    Write-Progress -Activity "Searching for locked out users" -Status "Querying $_"
    Get-ADUser -LDAPFilter '((objectClass=user)(objectCategory=person)(lockoutTime>=1))' -Server $_ |Where {$_.Enabled} |ForEach-Object {
      if($lockedout.Add($_.objectGUID)){
        $_
      }
    }
  }
  Write-Progress -Activity "Searching for locked out users" -Status "Done!" -Completed
}
	function Get-ADLockedOutUser {
	[CmdletBinding(DefaultParameterSetName = 'MultiDC')]
	param(
	[Parameter(Mandatory = $false, ParameterSetName = 'MultiDC')]
	[string[]]$DCFilter = @('*'),

	[Parameter(Mandatory = $true, ParameterSetName = 'PDCOnly')]
	[switch]$PDCOnly
	)

	$DCs = Get-ADDomainController -Service PrimaryDC -Discover
	if($PSCmdlet.ParameterSetName -eq 'MultiDC') {
	$DCs = Get-ADDomainController -Filter *\|Where-Object {$DC = $_.Name;$DCFilter.Where({$DC -like $_}, 'First')}
	}

	$lockedout = [System.Collections.Generic.HashSet[guid]]::new()
	$DCs.HostName \|ForEach-Object{
	Write-Progress -Activity "Searching for locked out users" -Status "Querying $_"
	Get-ADUser -LDAPFilter '((objectClass=user)(objectCategory=person)(lockoutTime>=1))' -Server $_ \|Where {$_.Enabled} \|ForEach-Object {
	if($lockedout.Add($_.objectGUID)){
	$_
	}
	}
	}
	Write-Progress -Activity "Searching for locked out users" -Status "Done!" -Completed
	}