public/Get-ADLockedUsers.ps1
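function Get-ADLockedUsers {
	<#
	.SYNOPSIS
		Get Active Directory account lockout events from every domain controller
	.DESCRIPTION
		Queries the named event log on each domain controller returned by
		Get-ADDomainController for events with the given ID (default 4740) created
		within the last DaysBack days, and returns one object per event with the
		properties DC, Time, Username and ClientComputer.

		This reports lockout events, not current account state: an account listed
		here may have been unlocked since the event was written. Check the account
		itself to confirm whether it is still locked.
	.PARAMETER EventID
		Optional. Event ID of user account lock event. Default = 4740.
		Username and ClientComputer are read from event property positions 0 and 1,
		which for event 4740 hold the locked account name and the caller computer
		name. Another event ID may use a different layout.
	.PARAMETER LogName
		Optional. Name of Windows Event Log to search. Default = "Security"
	.PARAMETER DaysBack
		Optional. Number of days to search back from current date. Range = 1 to 30. Default = 3
	.EXAMPLE
		Get-ADLockedUsers -DaysBack 7
	.OUTPUTS
		PSCustomObject per matching event: DC, Time, Username, ClientComputer
	.NOTES
		Requires ActiveDirectory PowerShell module (RSAT installed, or on a DC).
		The caller needs read access to the target log on each domain controller;
		for the Security log that is normally an administrator or a member of
		Event Log Readers (confirm for your environment).
	.LINK
		https://github.com/Skatterbrainz/ds-utils/blob/master/docs/Get-ADLockedUsers.md
	#>
	[CmdletBinding()]
	param (
		[parameter()][int]$EventID = 4740,
		[parameter()][string]$LogName = "Security",
		[parameter()][int][ValidateRange(1,30)]$DaysBack = 3
	)
	# Use 'return' rather than 'break' for early exits: outside a loop, 'break'
	# propagates to the caller and can terminate the caller's loop or script.
	if (!(Get-Module ActiveDirectory -ListAvailable)) {
		Write-Warning "Required PowerShell module not installed: ActiveDirectory"
		return
	}
	if ([string]::IsNullOrWhiteSpace($LogName)) {
		Write-Warning "Parameter cannot be blank: LogName"
		return
	}
	# Lockout events are written to individual DCs, so every DC is queried.
	$dcs = @(Get-ADDomainController -Filter * | Sort-Object Name | Select-Object -ExpandProperty Name)
	[int]$total = $dcs.Count
	[int]$counter = 1
	[datetime]$StartTime = (Get-Date).AddDays(-$DaysBack)
	[System.Collections.Generic.List[PSObject]]$results = @()
	foreach ($dc in $dcs) {
		Write-Host "$counter of $total - $dc"
		try {
			$filter = @{ Logname = $LogName; ID = $EventID; StartTime = $StartTime }
			$lockEvents = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop
			# '$event' is a PowerShell automatic variable, so a different name is used here.
			foreach ($evt in $lockEvents) {
				# Index the property list first, then take .Value, so an event with a
				# single property is not indexed into as a string.
				$res = [pscustomobject]@{
					DC             = $dc
					Time           = $evt.TimeCreated
					Username       = $evt.Properties[0].Value
					ClientComputer = $evt.Properties[1].Value
				}
				$results.Add($res)
				# Show progress on the console only. Without Out-Host the formatting
				# records would be emitted on the output stream and mixed into the
				# objects returned to the caller.
				$res | Format-Table -Wrap | Out-Host
			}
		}
		catch {
			$msg = $_.Exception.Message
			# Matches the English message text; on a localized system the text may
			# differ and an empty result would then be reported by the warning below.
			if ($msg -like '*No events were found*') {
				Write-Host "$dc - No matching events found" -ForegroundColor Cyan
			}
			else {
				# A DC that could not be queried leaves a gap in the results; the
				# warning is the only indication of that gap.
				Write-Warning "ERROR: $dc - $msg"
			}
		}
		$counter++
	}
	$results
}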