Powershell script or AD utility to identify the source of locked accounts in AD

Posted on 2014-08-27
Medium Priority
Last Modified: 2014-08-28
Hello Experts,

I have a client who is running into some AD issues, where a user's account gets locked randomly, and sometimes it happens to other users?

Instead of looking at the security logs on domain controllers, I would like to get a script to easily identify the source of the locked accounts, i.e. computer name, server, network device and so on, as well as the last logon time.

Can you please help me with this request?
Question by:Jerry Seinfield

Accepted Solution

dipersp earned 668 total points
ID: 40289103
Microsoft has a tool for this which we've used with some success.  Check out -

Author Comment

by:Jerry Seinfield
ID: 40289391
Thanks, but unfortunately that tool only works in Windows 2003, and I do not want to install an EXE on a Windows machine.

Any other tool or PowerShell script that we can use on Windows 2008/R2/2012/R2 servers and Win7 machines?

If someone can provide a script or an MS server or client tool, it would be highly appreciated.

Expert Comment

ID: 40289417
Let me dig. That must be the wrong one then. We had a Microsoft app that wasn't an install and gave us good info on 2008R2 box. I assumed that was the one as it had a 2012 date on the MS page.
LVL 26

Assisted Solution

by:Sekar Chinnakannu
Sekar Chinnakannu earned 668 total points
ID: 40289612
As dipersp mentioned, you can use the same tool on a client OS and check. No need to run it on a server.

You can use a one-line PowerShell command to find the locked users and details: http://blogs.technet.com/b/heyscriptingguy/archive/2011/08/31/use-powershell-to-find-locked-out-user-accounts.aspx
To find the location, you can use this script: http://gallery.technet.microsoft.com/scriptcenter/Get-LockedOutLocation-b2fd0cab
LVL 41

Assisted Solution

footech earned 664 total points
ID: 40290052
The Account Lockout Status Tool does work on 2008R2.  Haven't tested on 2012.  It doesn't require an install which is nice - just need to run the .EXE once it's extracted.  However, the tool doesn't give you any information about the source of the lockout.  For that you have to dig down into the security logs, and I think the script Sekar referenced is likely what you want.
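The two answers above point at the same mechanism: list the locked-out accounts with the ActiveDirectory module, then read the lockout events (event ID 4740) from the PDC emulator's Security log to see which computer the bad password attempts came from. The script below is an added example that does both; it is not the Get-LockedOutLocation script from the TechNet gallery nor code from anyone in this thread. It assumes the RSAT ActiveDirectory module is installed, that the account running it can read the PDC emulator's Security log remotely, and that 4740 events carry the locked account in the `TargetUserName` data field and the caller computer name in the `TargetDomainName` data field (the function names and parameters are mine).

```powershell
# Added example (not from the original thread): locate the lockout source for one
# account from the PDC emulator's Security log (event ID 4740) and report last logon.
# Assumes the ActiveDirectory RSAT module and read access to the PDC's Security log.
Import-Module ActiveDirectory

function Get-LockoutSource {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$Days = 3
    )

    # 4740 is always recorded on the PDC emulator, whichever DC processed the bad passwords.
    $pdc = (Get-ADDomain).PDCEmulator

    $filter = @{
        LogName   = 'Security'
        Id        = 4740
        StartTime = (Get-Date).AddDays(-$Days)
    }

    Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Read the named EventData fields from the event XML instead of relying on
            # positional Properties[] indexes, which differ between event IDs.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            # Assumed field mapping for 4740: TargetUserName is the locked account and
            # TargetDomainName carries the "Caller Computer Name" (the machine the
            # failed attempts originated from). That machine is where to look next
            # (stale cached credentials, mapped drives, scheduled tasks, services).
            [pscustomobject]@{
                TimeCreated    = $_.TimeCreated
                Account        = $data['TargetUserName']
                CallerComputer = $data['TargetDomainName']
                LoggedOnDC     = $pdc
            }
        } |
        Where-Object { $_.Account -eq $SamAccountName }
}

function Get-LockedOutUserReport {
    # Currently locked accounts with the lockout time and last logon.
    # LastLogonDate is derived from lastLogonTimestamp, which replicates lazily,
    # so it can lag the real last logon by up to about 14 days.
    Search-ADAccount -LockedOut |
        Get-ADUser -Properties AccountLockoutTime, LastLogonDate |
        Select-Object SamAccountName, AccountLockoutTime, LastLogonDate
}

# Usage (hypothetical account name):
# Get-LockedOutUserReport
# Get-LockoutSource -SamAccountName 'jdoe' -Days 7 | Format-Table -AutoSize
```

Querying the PDC emulator rather than every DC is what makes this cheap: lockouts are forwarded there regardless of which DC saw the bad passwords. If the caller computer name is blank or is itself a DC or a server, the attempts are usually arriving over a protocol that does not report a client name (for example some RADIUS or mail clients), and the next step is the 4771/4776 events on that DC for the same time window.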
