Created
July 22, 2016 18:38
-
-
Save TerribleDev/24e21b3eeefb60790e0aca1fc96901f5 to your computer and use it in GitHub Desktop.
where am I lockedout from
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<# | |
.SYNOPSIS | |
Get-LockedOutUser.ps1 returns a list of users who were locked out in Active Directory. | |
.DESCRIPTION | |
Get-LockedOutUser.ps1 is an advanced script that returns a list of users who were locked out in Active Directory | |
by querying the event logs on the PDC emulation in the domain. | |
.PARAMETER UserName | |
The userid of the specific user you are looking for lockouts for. The default is all locked out users. | |
.PARAMETER StartTime | |
The datetime to start searching from. The default is all datetimes that exist in the event logs. | |
.EXAMPLE | |
Get-LockedOutUser.ps1 | |
.EXAMPLE | |
Get-LockedOutUser.ps1 -UserName 'mike' | |
.EXAMPLE | |
Get-LockedOutUser.ps1 -StartTime (Get-Date).AddDays(-1) | |
.EXAMPLE | |
Get-LockedOutUser.ps1 -UserName 'miker' -StartTime (Get-Date).AddDays(-1) | |
#> | |
[CmdletBinding()] | |
param ( | |
[ValidateNotNullOrEmpty()] | |
[string]$DomainName = $env:USERDOMAIN, | |
[ValidateNotNullOrEmpty()] | |
[string]$UserName = "*", | |
[ValidateNotNullOrEmpty()] | |
[datetime]$StartTime = (Get-Date).AddDays(-3) | |
) | |
Invoke-Command -ComputerName ( | |
[System.DirectoryServices.ActiveDirectory.Domain]::GetDomain(( | |
New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('Domain', $DomainName)) | |
).PdcRoleOwner.name | |
) { | |
Get-WinEvent -FilterHashtable @{LogName='Security';Id=4740;StartTime=$Using:StartTime} | | |
Where-Object {$_.Properties[0].Value -like "$Using:UserName"} | | |
Select-Object -Property TimeCreated, | |
@{Label='UserName';Expression={$_.Properties[0].Value}}, | |
@{Label='ClientName';Expression={$_.Properties[1].Value}} | |
} -Credential (Get-Credential) | | |
Select-Object -Property TimeCreated, 'UserName', 'ClientName' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment