parent
7708a20756
commit
306e3f6d80
|
@ -3,17 +3,12 @@ Function Get-LockedOutLocation
|
|||
{
|
||||
<#
|
||||
.SYNOPSIS
|
||||
This function will locate the computer that processed a failed
|
||||
user logon attempt which caused the user account to become locked
|
||||
out.
|
||||
This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
|
||||
|
||||
.DESCRIPTION
|
||||
This function will locate the computer that processed a failed
|
||||
user logon attempt which caused the user account to become locked
|
||||
out. The locked out location is found by querying the PDC Emulator
|
||||
for locked out events (4740). The function will display the
|
||||
BadPasswordTime attribute on all of the domain controllers to add
|
||||
in further troubleshooting.
|
||||
This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
|
||||
The locked out location is found by querying the PDC Emulator for locked out events (4740).
|
||||
The function will display the BadPasswordTime attribute on all of the domain controllers to add in further troubleshooting.
|
||||
|
||||
.EXAMPLE
|
||||
PS C:\>Get-LockedOutLocation -Identity Joe.Davis
|
||||
|
@ -21,16 +16,14 @@ Function Get-LockedOutLocation
|
|||
|
||||
This example will find the locked out location for Joe Davis.
|
||||
.NOTE
|
||||
This function is only compatible with an environment where the
|
||||
domain controller with the PDCe role to be running Windows Server
|
||||
2008 SP2 and up. The script is also dependent the ActiveDirectory
|
||||
PowerShell module, which requires the AD Web services to be
|
||||
running on at least one domain controller. Author:Jason Walker
|
||||
This function is only compatible with an environment where the domain controller with the PDCe role to be running Windows Server 2008 SP2 and up.
|
||||
The script is also dependent the ActiveDirectory PowerShell module, which requires the AD Web services to be running on at least one domain controller.
|
||||
Author:Jason Walker
|
||||
Last Modified: 3/20/2013
|
||||
#>
|
||||
[CmdletBinding()]
|
||||
|
||||
Param(
|
||||
Param (
|
||||
[Parameter(Mandatory=$True)]
|
||||
[String]$Identity
|
||||
)
|
||||
|
@ -55,31 +48,17 @@ Function Get-LockedOutLocation
|
|||
{
|
||||
|
||||
#Get all domain controllers in domain
|
||||
cls
|
||||
$DomainControllers = Get-ADDomainController -Filter *
|
||||
$PDCEmulator = (
|
||||
$DomainControllers | Where-Object
|
||||
{
|
||||
$_.OperationMasterRoles -contains "PDCEmulator"
|
||||
}
|
||||
)
|
||||
$PDCEmulator = ($DomainControllers | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
|
||||
|
||||
Write-Verbose "Finding the domain controllers in the domain"
|
||||
Foreach ($DC in $DomainControllers)
|
||||
Foreach($DC in $DomainControllers)
|
||||
{
|
||||
$DCCounter++
|
||||
Write-Progress -Activity "Contacting DCs for lockout info" `
|
||||
-Status "Querying $($DC.Hostname)" `
|
||||
-PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
|
||||
Write-Progress -Activity "Contacting DCs for lockout info" -Status "Querying $($DC.Hostname)" -PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
|
||||
Try
|
||||
{
|
||||
$UserInfo = Get-ADUser -Identity $Identity `
|
||||
-Server $DC.Hostname `
|
||||
-Properties AccountLockoutTime,`
|
||||
LastBadPasswordAttempt,`
|
||||
BadPwdCount,`
|
||||
LockedOut
|
||||
-ErrorAction Stop
|
||||
$UserInfo = Get-ADUser -Identity $Identity -Server $DC.Hostname -Properties AccountLockoutTime,LastBadPasswordAttempt,BadPwdCount,LockedOut -ErrorAction Stop
|
||||
}
|
||||
Catch
|
||||
{
|
||||
|
@ -89,59 +68,45 @@ Function Get-LockedOutLocation
|
|||
If($UserInfo.LastBadPasswordAttempt)
|
||||
{
|
||||
$LockedOutStats += New-Object -TypeName PSObject -Property @{
|
||||
Name = $UserInfo.SamAccountName
|
||||
SID = $UserInfo.SID.Value
|
||||
LockedOut = $UserInfo.LockedOut
|
||||
BadPwdCount = $UserInfo.BadPwdCount
|
||||
BadPasswordTime = $UserInfo.BadPasswordTime
|
||||
DomainController = $DC.Hostname
|
||||
AccountLockoutTime = $UserInfo.AccountLockoutTime
|
||||
LastBadPasswordAttempt = `
|
||||
($UserInfo.LastBadPasswordAttempt).ToLocalTime()
|
||||
}
|
||||
Name = $UserInfo.SamAccountName
|
||||
SID = $UserInfo.SID.Value
|
||||
LockedOut = $UserInfo.LockedOut
|
||||
BadPwdCount = $UserInfo.BadPwdCount
|
||||
BadPasswordTime = $UserInfo.BadPasswordTime
|
||||
DomainController = $DC.Hostname
|
||||
AccountLockoutTime = $UserInfo.AccountLockoutTime
|
||||
LastBadPasswordAttempt = ($UserInfo.LastBadPasswordAttempt).ToLocalTime()
|
||||
}
|
||||
}#end if
|
||||
}#end foreach DCs
|
||||
$LockedOutStats | Format-Table -Property Name,`
|
||||
LockedOut,`
|
||||
DomainController,`
|
||||
BadPwdCount,`
|
||||
AccountLockoutTime,`
|
||||
LastBadPasswordAttempt `
|
||||
-AutoSize
|
||||
$LockedOutStats | Format-Table -Property Name,LockedOut,DomainController,BadPwdCount,AccountLockoutTime,LastBadPasswordAttempt -AutoSize
|
||||
|
||||
#Get User Info
|
||||
Try
|
||||
{
|
||||
Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
|
||||
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName`
|
||||
-FilterHashtable @{LogName='Security';Id=4740} `
|
||||
-ErrorAction Stop | Sort-Object `
|
||||
-Property TimeCreated
|
||||
-Descending
|
||||
Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
|
||||
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
|
||||
}
|
||||
Catch
|
||||
{
|
||||
Write-Warning $_
|
||||
Continue
|
||||
}#end catch
|
||||
|
||||
$Events = Foreach($Event in $LockedOutEvents)
|
||||
{
|
||||
If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
|
||||
{
|
||||
$Event | Select-Object -Property `
|
||||
@(
|
||||
@{Label = 'User'; Expression = {$_.Properties[0].Value}}
|
||||
@{Label = 'DomainController'; Expression = {$_.MachineName}}
|
||||
@{Label = 'EventId'; Expression = {$_.Id}}
|
||||
@{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
|
||||
@{Label = 'Message'; Expression = {$_.Message `
|
||||
-split "`r" | Select -First 1}}
|
||||
@{Label = 'LockedOutLocation'; Expression =
|
||||
{
|
||||
$_.Properties[1].Value
|
||||
}
|
||||
}
|
||||
|
||||
$Event | Select-Object -Property @(
|
||||
@{Label = 'User'; Expression = {$_.Properties[0].Value}}
|
||||
@{Label = 'DomainController'; Expression = {$_.MachineName}}
|
||||
@{Label = 'EventId'; Expression = {$_.Id}}
|
||||
@{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
|
||||
@{Label = 'Message'; Expression = {$_.Message -split "`r" | Select -First 1}}
|
||||
@{Label = 'LockedOutLocation'; Expression = {$_.Properties[1].Value}}
|
||||
)
|
||||
|
||||
}#end ifevent
|
||||
|
||||
}#end foreach lockedout event
|
||||
|
|
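Review bot: The SID filter in the last hunk, `$_.Properties[2].value -match $UserInfo.SID.Value`, is a regex substring test against whatever `$UserInfo` the domain-controller loop left behind, so it can attribute another account's 4740 events to this user. A SID that is a prefix of a longer one will match, and if no Get-ADUser lookup succeeded `$UserInfo` is empty, in which case an empty pattern matches every lockout event. Compare exactly against a value captured once after a successful lookup, for example `If("$($Event.Properties[2].Value)" -eq $UserSid)`. Separately, the `Continue` in the Catch after the Get-WinEvent call appears to sit outside any loop, since the `}#end foreach DCs` brace closes above it, so it may unwind into the caller's loop rather than just ending this function; `Return` would be the safer exit. The function body starts and ends outside these hunks, so both points should be confirmed against the full file.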