Created
December 3, 2019 09:28
-
-
Save jamil666/2acccd04a58f034b6414d173e740f850 to your computer and use it in GitHub Desktop.
Powershell script for finding user lockout source
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## Define the username that’s locked out | |
| $Username = Read-Host "Please enter username: " | |
| ## Find the domain controller PDCe role | |
| $Pdce = (Get-AdDomain).PDCEmulator | |
| # Check if user locked out | |
| $LocketOutStatus = Get-ADUser -Properties LockedOut -Identity $Username | select LockedOut | |
| if ($LocketOutStatus.LockedOut -eq 'True'){ | |
| ## Build the parameters to pass to Get-WinEvent | |
| $GweParams = @{ | |
| ‘Computername’ = $Pdce | |
| ‘LogName’ = ‘Security’ | |
| ‘FilterXPath’ = "*[System[EventID=4740] and EventData[Data[@Name='TargetUserName']='$Username']]" | |
| } | |
| ## Query the security event log | |
| $Events = Get-WinEvent @GweParams -Credential (Get-Credential) | |
| Write-Host -ForegroundColor Green ($Events | foreach {$_.Properties[1].value + ' ' + $_.TimeCreated}) | |
| } | |
| else{ | |
| Write-Host "User" $Username "not locked" -ForegroundColor Green | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment