Powershell AD user lockout detail -Works

-

Import-Module ActiveDirectory
$UserName = Read-Host "Please enter username"
$PDC = (Get-ADDomainController -Filter * | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
$UserInfo = Get-ADUser -Identity $UserName
#Search PDC for lockout events with ID 4740
$LockedOutEvents = Get-WinEvent -ComputerName $PDC.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
Foreach($Event in $LockedOutEvents)
  {
    If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
    {
      $Event | Select-Object -Property @(
        @{Label = 'User'; Expression = {$_.Properties[0].Value}}
        @{Label = 'DomainController'; Expression = {$_.MachineName}}
        @{Label = 'EventId'; Expression = {$_.Id}}
        @{Label = 'LockoutTimeStamp'; Expression = {$_.TimeCreated}}
        @{Label = 'Message'; Expression = {$_.Message -split "`r" | Select -First 1}}
        @{Label = 'LockoutSource'; Expression = {$_.Properties[1].Value}}
      )

    }}

Comments

Post a Comment

Popular posts from this blog

Troubleshooting Netlogon Error Codes

-
Image
Quick Reference: Troubleshooting Netlogon Error Codes ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ ★ January 28, 2013   by  Mark Morowczynski [MSFT]   //   24 Comments 0 0 Hi this is Brandon Wilson and today I will be providing you with a quick reference for troubleshooting Netlogon error codes. I say “quick reference” very loosely here, because this is one of those sticky subjects that can easily expand into many more areas and become a very long discussion. So, I’m going to do my best to focus on just the codes and possible solutions for the error codes that are more common to see. Anyone who has dealt with some of these issues knows that some of these outlined areas can lead to huge revenue loss for a business, or at the very least an annoying authentication prompt J I welcome you to leave comments and questions, or suggestions for articles that you as the reader would be interested in seeing us do on AskPFE Platforms ( http://blogs.tech...
Read more

Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe)

-
Image
Service Principal Names (SPNs) SetSPN Syntax (Setspn.exe) Table of Contents SPN Purpose SPN Format SetSPN Viewing or Checking SPN Registrations SPN Registration Errors Related to SPN Registration or Configuration Manually Registering SPNs Troubleshooting SPN Issues Resolving SPN Registration Issues SPN Lookup Errors Delegation External Articles SPN Purpose A service principal name (SPN) is the name by which a Kerberos client uniquely identifies an instance of a service for a given Kerberos target computer. If you install multiple instances of a service on computers throughout a forest, each instance must have its own SPN. A given service instance can have multiple SPNs if there are multiple names that clients might use for authentication. For example, an SPN always includes the name of the host computer on which the service instance is running, so a service instance might register an SPN for each name or alias of its host. ↑  Return to T...
Read more

Troubleshooting AD Active Directory Replication Error 8456 or 8457: "The source | destination server is currently rejecting replication requests"

-
Symptoms  This article describes the symptoms, cause, and resolution steps for situations where Active Directory operations fail with error 8456 or 8457: "The source | destination server is currently rejecting replication requests" The DCPROMO promotion of a new domain controller in an existing forest fails with the error "The source server is currently rejecting replication requests."  Dialog title text:    Active Directory Installation Wizard   Dialog message text:   The operation failed because:   Active Directory could not transfer the remaining data in directory partition   to domain controller .  "The source server is currently rejecting replication requests." DCDIAG reports the error "The source server is currently rejecting replication requests" or "The destination server is currently rejecting replication requests." Testing server: Default-First-Site-Name\     ...
Read more