Difference between revisions of "Investigating account lockouts with Powershell"
From MyWiki
(Created page with "http://www.tomsitpro.com/articles/powershell-active-directory-lockouts,2-848.html") |
|||
| Line 1: | Line 1: | ||
| − | http://www.tomsitpro.com/articles/powershell-active-directory-lockouts,2-848.html | + | Reference - http://www.tomsitpro.com/articles/powershell-active-directory-lockouts,2-848.html |
| + | |||
| + | # Find the domain controller that holds the PDC emulator role - (get-addomain).PDCEmulator | ||
| + | # Using this information run the following Powershell query | ||
| + | <source lang="powershell"> | ||
| + | ## Define the username that’s locked out | ||
| + | $Username = ‘abertram’ | ||
| + | |||
| + | ## Find the domain controller PDCe role | ||
| + | $Pdce = (Get-AdDomain).PDCEmulator | ||
| + | |||
| + | ## Build the parameters to pass to Get-WinEvent | ||
| + | $GweParams = @{ | ||
| + | ‘Computername’ = $Pdce | ||
| + | ‘LogName’ = ‘Security’ | ||
| + | ‘FilterXPath’ = "*[System[EventID=4740] and EventData[Data[@Name='TargetUserName']='$Username']]" | ||
| + | } | ||
| + | |||
| + | ## Query the security event log | ||
| + | $Events = Get-WinEvent @GweParams | ||
| + | </source> | ||
Revision as of 10:24, 27 April 2016
Reference - http://www.tomsitpro.com/articles/powershell-active-directory-lockouts,2-848.html
- Find the domain controller that holds the PDC emulator role - (get-addomain).PDCEmulator
- Using this information run the following Powershell query
## Define the username that’s locked out $Username = ‘abertram’ ## Find the domain controller PDCe role $Pdce = (Get-AdDomain).PDCEmulator ## Build the parameters to pass to Get-WinEvent $GweParams = @{ ‘Computername’ = $Pdce ‘LogName’ = ‘Security’ ‘FilterXPath’ = "*[System[EventID=4740] and EventData[Data[@Name='TargetUserName']='$Username']]" } ## Query the security event log $Events = Get-WinEvent @GweParams
