reformat get-lockout-location.ps1
parent
5e49ee7a85
commit
ac7400ef9f
|
@ -3,12 +3,17 @@ Function Get-LockedOutLocation
|
||||||
{
|
{
|
||||||
<#
|
<#
|
||||||
.SYNOPSIS
|
.SYNOPSIS
|
||||||
This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
|
This function will locate the computer that processed a failed
|
||||||
|
user logon attempt which caused the user account to become locked
|
||||||
|
out.
|
||||||
|
|
||||||
.DESCRIPTION
|
.DESCRIPTION
|
||||||
This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
|
This function will locate the computer that processed a failed
|
||||||
The locked out location is found by querying the PDC Emulator for locked out events (4740).
|
user logon attempt which caused the user account to become locked
|
||||||
The function will display the BadPasswordTime attribute on all of the domain controllers to add in further troubleshooting.
|
out. The locked out location is found by querying the PDC Emulator
|
||||||
|
for locked out events (4740). The function will display the
|
||||||
|
BadPasswordTime attribute on all of the domain controllers to add
|
||||||
|
in further troubleshooting.
|
||||||
|
|
||||||
.EXAMPLE
|
.EXAMPLE
|
||||||
PS C:\>Get-LockedOutLocation -Identity Joe.Davis
|
PS C:\>Get-LockedOutLocation -Identity Joe.Davis
|
||||||
|
@ -16,9 +21,11 @@ Function Get-LockedOutLocation
|
||||||
|
|
||||||
This example will find the locked out location for Joe Davis.
|
This example will find the locked out location for Joe Davis.
|
||||||
.NOTE
|
.NOTE
|
||||||
This function is only compatible with an environment where the domain controller with the PDCe role to be running Windows Server 2008 SP2 and up.
|
This function is only compatible with an environment where the
|
||||||
The script is also dependent the ActiveDirectory PowerShell module, which requires the AD Web services to be running on at least one domain controller.
|
domain controller with the PDCe role to be running Windows Server
|
||||||
Author:Jason Walker
|
2008 SP2 and up. The script is also dependent the ActiveDirectory
|
||||||
|
PowerShell module, which requires the AD Web services to be
|
||||||
|
running on at least one domain controller. Author:Jason Walker
|
||||||
Last Modified: 3/20/2013
|
Last Modified: 3/20/2013
|
||||||
#>
|
#>
|
||||||
[CmdletBinding()]
|
[CmdletBinding()]
|
||||||
|
@ -49,16 +56,25 @@ Function Get-LockedOutLocation
|
||||||
|
|
||||||
#Get all domain controllers in domain
|
#Get all domain controllers in domain
|
||||||
$DomainControllers = Get-ADDomainController -Filter *
|
$DomainControllers = Get-ADDomainController -Filter *
|
||||||
$PDCEmulator = ($DomainControllers | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
|
$PDCEmulator = ($DomainControllers |
|
||||||
|
Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
|
||||||
|
|
||||||
Write-Verbose "Finding the domain controllers in the domain"
|
Write-Verbose "Finding the domain controllers in the domain"
|
||||||
Foreach($DC in $DomainControllers)
|
Foreach($DC in $DomainControllers)
|
||||||
{
|
{
|
||||||
$DCCounter++
|
$DCCounter++
|
||||||
Write-Progress -Activity "Contacting DCs for lockout info" -Status "Querying $($DC.Hostname)" -PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
|
Write-Progress -Activity "Contacting DCs for lockout info" -Status "`
|
||||||
|
Querying $($DC.Hostname)" `
|
||||||
|
-PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
|
||||||
Try
|
Try
|
||||||
{
|
{
|
||||||
$UserInfo = Get-ADUser -Identity $Identity -Server $DC.Hostname -Properties AccountLockoutTime,LastBadPasswordAttempt,BadPwdCount,LockedOut -ErrorAction Stop
|
$UserInfo = Get-ADUser -Identity $Identity `
|
||||||
|
-Server $DC.Hostname `
|
||||||
|
-Properties AccountLockoutTime,
|
||||||
|
LastBadPasswordAttempt,
|
||||||
|
BadPwdCount,
|
||||||
|
LockedOut `
|
||||||
|
-ErrorAction Stop
|
||||||
}
|
}
|
||||||
Catch
|
Catch
|
||||||
{
|
{
|
||||||
|
@ -79,13 +95,21 @@ Function Get-LockedOutLocation
|
||||||
}
|
}
|
||||||
}#end if
|
}#end if
|
||||||
}#end foreach DCs
|
}#end foreach DCs
|
||||||
$LockedOutStats | Format-Table -Property Name,LockedOut,DomainController,BadPwdCount,AccountLockoutTime,LastBadPasswordAttempt -AutoSize
|
$LockedOutStats | Format-Table -Property Name,
|
||||||
|
LockedOut,
|
||||||
|
DomainController,
|
||||||
|
BadPwdCount,
|
||||||
|
AccountLockoutTime,
|
||||||
|
LastBadPasswordAttempt `
|
||||||
|
-AutoSize
|
||||||
|
|
||||||
#Get User Info
|
#Get User Info
|
||||||
Try
|
Try
|
||||||
{
|
{
|
||||||
Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
|
Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
|
||||||
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
|
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName `
|
||||||
|
-FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop |
|
||||||
|
Sort-Object -Property TimeCreated -Descending
|
||||||
}
|
}
|
||||||
Catch
|
Catch
|
||||||
{
|
{
|
||||||
|
|
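Review bot: The wrapped `Write-Progress` call in the third hunk breaks the line inside the double-quoted `-Status` string, right after the opening quote and a backtick, so the argument is no longer the same text as before. Inside an expandable string the backtick is the escape character, not a line continuation, so as far as I can tell the newline and the next line's leading whitespace end up in the status value. Keep the string on one line and wrap after it, i.e. `-Status "Querying $($DC.Hostname)"` followed by the continuation backtick. More generally, the backtick continuations added to `Get-ADUser`, `Format-Table` and `Get-WinEvent` stop working if a trailing space follows the backtick; collecting the parameters in a hashtable and splatting it would wrap these calls without that risk. The enclosing function starts and ends outside the hunks shown.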