srpomeroy/Get-DCLockoutEvents.ps1

## Get-DCLockoutEvents.ps1
param(
    $Computer ='dc01.contoso.com',
    $Minutes = -240
    )

if ($Minutes -ge 0) {$Minutes = 0 - $Minutes}

$SelectOuput = @(
    @{n='ComputerName';e={$_.MachineName}},
    @{n='Time';e={$_.TimeCreated}},
    @{n='Domain';e={$_.Properties[5].Value}}
    @{n='Account';e={$_.Properties[0].Value}}
    @{n='Source';e={$_.Properties[1].Value}}
)

$Date = (Get-Date).AddMinutes($Minutes)
$Events = $null
$Events = Get-WinEvent -ComputerName $Computer -FilterHashTable @{ LogName = "Security"; StartTime = $Date; ID = 4740 } | Select-Object $SelectOuput
$Events
	param(
	$Computer ='dc01.contoso.com',
	$Minutes = -240
	)

	if ($Minutes -ge 0) {$Minutes = 0 - $Minutes}

	$SelectOuput = @(
	@{n='ComputerName';e={$_.MachineName}},
	@{n='Time';e={$_.TimeCreated}},
	@{n='Domain';e={$_.Properties[5].Value}}
	@{n='Account';e={$_.Properties[0].Value}}
	@{n='Source';e={$_.Properties[1].Value}}
	)

	$Date = (Get-Date).AddMinutes($Minutes)
	$Events = $null
	$Events = Get-WinEvent -ComputerName $Computer -FilterHashTable @{ LogName = "Security"; StartTime = $Date; ID = 4740 } \| Select-Object $SelectOuput
	$Events