TECHDIIP

Powershell check user lockout source

There is a simple PowerShell script to get the lockout source of any user account, in this article we explain how to write the code for building a Powershell script that pulls the lockout source of any active directory account.

Employees often call tech support saying their account got locked out, it keeps locking, it is quite difficult for one to check the source of lockout, and imagine if there more users complaining their account is locked out for unknown reason then one has to quickly check the source of account lockout and resolve the issue.

In simple words if we have a Powershell script to locate the source then it makes one job easy, here is a script that helps to check the account lockout source.

We need to create a file for storing all the user accounts list that are locking out, I named it as UserNames.txt and saved it in my local machine c:\temp\UserNames.txt

Powershell lockout user

$lockoutsource = @()

$ADPDCServer = (Get-AdDomain).PDCEmulator
 
#storing all user accounts which are locking out
$usernames =  Get-Content "c:\temp\usernames.txt"
 
# Try code for checking the userlockout source

Try{
    $lockoutsource = Foreach ($User in $usernames){
        icm -cn $ADPDCServer {param($User)

            $Object = @{}| select Username,TimeCreated,Source

            $Object.Username = $User
 
            
            $EventID = Get-WinEvent -FilterHashtable @{LogName="Security";ID="4740"} | Where {$_.message -match $User} | select -first 1
            If($EventID){ 
                $Object.Source = $EventID.properties.value[1]
                $Object.timecreated = $EventID.timecreated
            }
            Else{ 
                $Object.Source = " - "
                $Object.timecreated = " - "
            }
            $Object
        } -ArgumentList $User -ErrorAction stop | select @{n='ServerName';e={$_.pscomputername}},Username,TimeCreated,Source
    }
}
Catch [System.Exception]{
       Write-host "Error" -backgroundcolor red -foregroundcolor yellow
    $_.Exception.Message
}
"Lockout Source $ADPDCServer :"

Write-Host "Lockout Source of user as follows"

$lockoutsource

The above script brings the lockout source meaning, where a particular user account is locking out and then we take action against the server or windows machine.

Thank you for reading this article, if you have any questions please let us know.

Thank you for visiting my site, for any scripts in these articles you are testing please make sure you have tested this script in your lower environment before you run in production.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *