
@tonylea
Created March 10, 2016 14:32
Get Locked Out Location
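#Requires -Version 2.0
# The directive above was misspelled ("#requries"), so PowerShell treated it as an
# ordinary comment and the minimum-version requirement was never enforced.
<#
.SYNOPSIS
Reports the computer recorded as the source of a user account lockout.
.DESCRIPTION
Reads account-lockout events (event ID 4740) from the Security log of every
domain controller in the domain and, for each locked-out account, reports the
computer name recorded in the event together with the account's lockout time,
last bad password attempt and bad password count.
If -SamAccountName is omitted, every currently locked-out account is reported.
.PARAMETER SamAccountName
Specifies the SamAccountName of the user (or users) to look up. Alias: sam.
.EXAMPLE
C:\PS> C:\Script\GetLockoutLocation.ps1 -SamAccountName "katrina"
SamAccountName : katrina
LogonLocation : EDGE1
AccountLockoutTime : 11/15/2013 1:46:53 AM
LastBadPasswordAttempt : 11/15/2013 1:46:53 AM
badPwdCount : 3
.NOTES
Requires the ActiveDirectory module and an account that is allowed to read the
Security event log on the domain controllers. LogonLocation is "Not Found" when
no matching lockout event could be read; that includes the case where the
Security log has already rolled over or could not be queried.
#>
Param
(
[Parameter(Mandatory=$false,ValueFromPipeline=$true)]
[Alias('sam')][String[]]$SamAccountName
)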
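#Check if ActiveDirectory module is imported.
If(-not(Get-Module -Name ActiveDirectory))
{
    Import-Module -Name ActiveDirectory
}

$DomainControllers = Get-ADDomainController -Filter *
$UserProperties = 'SamAccountName','AccountLockoutTime','LastBadPasswordAttempt','badPwdCount','LockedOut'

# Pass 1: collect lockout events (ID 4740) from EVERY domain controller before
# any report row is produced. The original interleaved collection and reporting,
# so rows emitted for the first DCs could say "Not Found" even though a DC
# visited later held the matching event.
$LocationsByAccount = @{}   # account name -> array of caller computer names
Foreach($DC in $DomainControllers)
{
    $EventErrors = @()
    $EventInfos = @()
    Try
    {
        # @() keeps this an array, so an empty result is iterated zero times
        # (PowerShell 2.0 would otherwise pipe a single $null through the loop).
        $EventInfos = @(Get-WinEvent -ComputerName $DC.HostName -FilterHashtable @{Logname='Security';Id=4740} -ErrorAction SilentlyContinue -ErrorVariable EventErrors)
    }
    Catch
    {
        $EventErrors = @($_)
    }

    Foreach($Err in $EventErrors)
    {
        # "No events found" is the normal result for a DC without lockouts.
        If($Err.FullyQualifiedErrorId -like 'NoMatchingEventsFound*')
        {
            Continue
        }
        # Anything else (access denied, DC unreachable, ...) means the evidence
        # from this DC is missing. Surface it instead of swallowing it, so a
        # "Not Found" result is not mistaken for "no lockout source exists".
        Write-Warning ("Could not read lockout events (ID 4740) from {0}: {1}" -f $DC.HostName, $Err)
    }

    Foreach($LockoutEvent in $EventInfos)
    {
        # Read the structured event data instead of splitting the rendered
        # message text: the message is localized and the fixed split indexes
        # break as soon as its layout differs. For event 4740 the first two
        # data fields are TargetUserName (the locked-out account) and
        # TargetDomainName (which holds the caller computer name).
        If($LockoutEvent.Properties.Count -lt 2)
        {
            Continue
        }
        $AccountName = ([string]$LockoutEvent.Properties[0].Value).Trim()
        $Location = ([string]$LockoutEvent.Properties[1].Value).Trim()

        # Events with a blank caller computer name carry no location to report.
        If(-not $AccountName -or -not $Location)
        {
            Continue
        }
        If(-not $LocationsByAccount.ContainsKey($AccountName))
        {
            $LocationsByAccount[$AccountName] = @()
        }
        $LocationsByAccount[$AccountName] += $Location
    }
}

# Pass 2: query the lockout state on each DC, as the original did, and emit one
# row per locked-out account per DC.
# NOTE(review): badPwdCount and LastBadPasswordAttempt can differ between DCs,
# which is presumably why every DC is queried - confirm whether per-DC rows are wanted.
Foreach($DC in $DomainControllers)
{
    If($SamAccountName)
    {
        $LockedOutAccount = @(Foreach($Account in $SamAccountName)
        {
            Get-ADUser -Filter {SamAccountName -eq $Account} -Server $DC.HostName -Properties $UserProperties |
                Where-Object {$_.LockedOut -eq $true}
        })
    }
    Else
    {
        $LockedOutAccount = @(Get-ADUser -Filter * -Server $DC.HostName -Properties $UserProperties |
            Where-Object {$_.LockedOut -eq $true})
    }

    Foreach($User in $LockedOutAccount)
    {
        $Locations = $null
        If($LocationsByAccount.ContainsKey($User.SamAccountName))
        {
            # De-duplicate the location strings themselves. The original ran
            # Sort -Unique on whole PSObjects, which can collapse entries with
            # different locations into a single one.
            $Locations = $LocationsByAccount[$User.SamAccountName] | Sort-Object -Unique
        }
        If($null -eq $Locations)
        {
            $Locations = "Not Found"
        }

        # NOTE(review): the caller computer name is whatever the DC logged for
        # the failing logon; treat it as a lead to verify, not as proof of origin.
        New-Object -TypeName PSObject -Property @{
            SamAccountName = $User.SamAccountName
            LogonLocation = $Locations
            AccountLockoutTime = $User.AccountLockoutTime
            LastBadPasswordAttempt = $User.LastBadPasswordAttempt
            badPwdCount = $User.badPwdCount
        } | Select-Object SamAccountName,LogonLocation,AccountLockoutTime,LastBadPasswordAttempt,badPwdCount
    }
}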
@tonylea
Author

tonylea commented Mar 10, 2016

Copied from Microsoft Script Center
Script originally by OneScript Team
