Created
March 10, 2016 14:32
Get Locked Out Location
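#Requires -Version 2.0
<#
.SYNOPSIS
    Reports where locked-out Active Directory accounts were locked out from.
.DESCRIPTION
    Collects account-lockout events (Security log, event ID 4740) from every
    domain controller, then asks each domain controller which accounts are
    currently locked out and pairs each account with the caller computer
    name(s) recorded in those events.

    One row is emitted per domain controller per locked-out account, because
    badPwdCount and LastBadPasswordAttempt are not replicated and can differ
    between domain controllers.

    Caveats for whoever reads the output:
      * "Not Found" only means no 4740 event for the account could be read.
        The Security log may have rolled over, or a domain controller may
        have been unreachable or denied access (a warning is written then).
      * The caller computer name is the name reported for the logon attempt;
        it can be blank or unhelpful. Corroborate with events 4771 and 4776
        on the domain controllers before acting on it.
      * Reading the Security log remotely needs the matching rights on each
        domain controller.
.PARAMETER SamAccountName
    Specifies the SamAccountName of the user(s) to look up. When omitted,
    every locked-out account is reported.
.EXAMPLE
    C:\PS> C:\Script\GetLockoutLocation.ps1 -SamAccountName "katrina"

    SamAccountName         : katrina
    LogonLocation          : EDGE1
    AccountLockoutTime     : 11/15/2013 1:46:53 AM
    LastBadPasswordAttempt : 11/15/2013 1:46:53 AM
    badPwdCount            : 3
#>
Param
(
    [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
    [Alias('sam')][String[]]$SamAccountName
)

#Check if ActiveDirectory module is imported.
If(-not(Get-Module -Name ActiveDirectory))
{
    Import-Module -Name ActiveDirectory
}

$DomainControllers = Get-ADDomainController -Filter *

# Pass 1: gather lockout events from ALL domain controllers before any lookup.
# A lockout event may exist on only some of them, so correlating while still
# iterating would report "Not Found" for events held by a later controller.
$Objs = @()
Foreach($DC in $DomainControllers)
{
    Try
    {
        $EventInfos = Get-WinEvent -ComputerName $DC.HostName `
            -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop
    }
    Catch
    {
        # "No matching events" is an expected outcome; anything else (host
        # unreachable, access denied) leaves a gap the operator must know about.
        If($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*')
        {
            Write-Warning "Could not read Security log on $($DC.HostName): $($_.Exception.Message)"
        }
        Continue
    }

    Foreach($EventInfo in $EventInfos)
    {
        # Read the structured event data instead of parsing the rendered
        # message, whose layout and language vary between systems.
        # For event 4740: Properties[0] = locked-out account name,
        #                 Properties[1] = caller computer name.
        $Objs += New-Object -TypeName PSObject -Property @{
            SamAccountName = [String]$EventInfo.Properties[0].Value
            Location       = ([String]$EventInfo.Properties[1].Value).Trim()
        }
    }
}

# Pass 2: ask each domain controller for the locked-out accounts and attach
# the locations collected above.
$UserProperties = 'SamAccountName','AccountLockoutTime','LastBadPasswordAttempt','badPwdCount','LockedOut'
Foreach($DC in $DomainControllers)
{
    If($SamAccountName)
    {
        $LockedOutAccount = Foreach($Account in $SamAccountName)
        {
            Get-ADUser -Filter {SamAccountName -eq $Account} -Server $DC.HostName `
                -Properties $UserProperties | Where-Object {$_.LockedOut -eq $true}
        }
    }
    Else
    {
        $LockedOutAccount = Get-ADUser -Filter * -Server $DC.HostName `
            -Properties $UserProperties | Where-Object {$_.LockedOut -eq $true}
    }

    # Where-Object {$_} drops an empty result so no blank row is emitted.
    $LockedOutAccount | Where-Object {$_} | ForEach-Object {
        $User = $_
        $Name = $User.SamAccountName

        # Expand Location before de-duplicating: Sort-Object -Unique on the
        # whole custom object does not compare the Location values reliably.
        $Locations = $Objs | Where-Object {$_.SamAccountName -eq $Name} |
            Select-Object -ExpandProperty Location | Sort-Object -Unique
        If($null -eq $Locations)
        {
            $Locations = "Not Found"
        }

        New-Object -TypeName PSObject -Property @{
            SamAccountName         = $User.SamAccountName
            LogonLocation          = $Locations
            AccountLockoutTime     = $User.AccountLockoutTime
            LastBadPasswordAttempt = $User.LastBadPasswordAttempt
            badPwdCount            = $User.badPwdCount
        } | Select-Object SamAccountName,LogonLocation,AccountLockoutTime,LastBadPasswordAttempt,badPwdCount
    }
}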
Copied from Microsoft Script Center
Script originally by OneScript Team