Jerry Seinfield
asked on
PS script to detect the source of locked accounts in AD and Azure AD
Hello Experts,
Instead of looking at event IDs 4740 and 4741 for every single DC in the domain under the security logs, can someone please help me to identify all events 4740 and 4741 for a single service account named xxxx in a given domain for the past 24 hours, and export the occurrences to a csv file?
The script should be able to perform a query for domain controllers on prem as well as Azure, then return the results to a csv file.
I know this doesn't directly address your request but you could try the MS tool already designed to do this.
Download Account Lockout and Management Tools from Official Microsoft Download Center
ASKER
Hope my request is now easy to read and understand
Cheers
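One way to script the query described in the question, as an added example that is not part of the original thread: it collects events 4740 and 4741 for one account from every domain controller over the past 24 hours and exports them to CSV. The account name and output path are placeholders, the ActiveDirectory module and remote read access to each DC's Security log are assumed, and it covers on-premises domain controllers only.

```powershell
#Requires -Modules ActiveDirectory
# Added example: per-account lockout events from all DCs, exported to CSV.
param(
    [string]$Account = 'svc-example',          # placeholder account name
    [string]$CsvPath = '.\lockout-events.csv', # placeholder output path
    [int]$Hours = 24
)

$filter = @{
    LogName   = 'Security'
    Id        = 4740, 4741
    StartTime = (Get-Date).AddHours(-$Hours)
}

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object {
                # Read EventData fields by name rather than by position.
                $data = @{}
                foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                    $data[$d.Name] = $d.'#text'
                }
                if ($data['TargetUserName'] -eq $Account) {
                    [pscustomobject]@{
                        TimeCreated      = $_.TimeCreated
                        DomainController = $dc.HostName
                        EventId          = $_.Id
                        Account          = $data['TargetUserName']
                        # In event 4740 this field carries the caller computer name.
                        CallerComputer   = $data['TargetDomainName']
                        ReportedBy       = $data['SubjectUserName']
                    }
                }
            }
    }
    catch {
        # No matching events, or the DC could not be reached; warn and continue.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
    }
}

$results | Sort-Object TimeCreated | Export-Csv -Path $CsvPath -NoTypeInformation
```

The CallerComputer column is the starting point for tracing a lockout: it names the machine that sent the failed logons recorded in the 4740 event.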