Powershell script or AD utility to identify the source of locked accounts in AD

Posted on 2014-08-27
Last Modified: 2014-08-28
Hello Experts,

I have a client who is running into some AD issues, where an user gets the account locked random and sometimes happens to other users?

Instead of looking at the security logs on domain controllers, I would like to get a script to easily identify the source of the locked accounts, i.e. computer name, server, network device and so on. as well as last logon time

Can you please help me with this request?
Question by:Jerry Seinfield
    LVL 9

    Accepted Solution

    Microsoft has a tool for this which we've used with some success.  Check out -

    Author Comment

    by:Jerry Seinfield
    Thanks, but Unfortunately that tool only works in Windows 2003, and I do not want to install a EXE on a WIndows machine

    Any other tool or poweshell script that we can use on WIndows 2008 /R2/2012/R2 servers and Win7 machines

    If someone can provide an script or a MS server or client tool  would be highly appreciated
    LVL 9

    Expert Comment

    Let me dig. That must be the wrong one then. We had a Microsoft app that wasn't an install and gave us good info on 2008R2 box. I assumed that was the one as it had a 2012 date on the MS page.
    LVL 24

    Assisted Solution

    by:Sekar Chinnakannu
    As dipersp mentioned you use the same tool on Client OS and check. No need to run in server.

    you can use one line powershell command to find the locked users and details
    to find the location you can use this script to find
    LVL 38

    Assisted Solution

    The Account Lockout Status Tool does work on 2008R2.  Haven't tested on 2012.  It doesn't require an install which is nice - just need to run the .EXE once it's extracted.  However, the tool doesn't give you any information about the source of the lockout,  For that you have to dig down into the security logs, and I think the script the Sekar referenced is likely what you want.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    6 Surprising Benefits of Threat Intelligence

    All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

    Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
    Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now