有没有方法列出用户AD 用户在哪里lockout呢?可以参考如下微软网站上列出的Powershell 模板
- #Requires -Version 2.0
- Function Get-LockedOutLocation
- {
- <#
- .SYNOPSIS
- This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
- .DESCRIPTION
- This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
- The locked out location is found by querying the PDC Emulator for locked out events (4740).
- The function will display the BadPasswordTime attribute on all of the domain controllers to add in further troubleshooting.
- .EXAMPLE
- PS C:\>Get-LockedOutLocation -User Joe.Davis
- This example will find the locked out location for Joe Davis.
- .NOTE
- This function is only compatible with an environment where the domain controller with the PDCe role to be running Windows Server 2008 SP2 and up.
- The script is also dependent the ActiveDirectory PowerShell module, which requires the AD Web services to be running on at least one domain controller.
- Author:Jason Walker
- Last Modified: 12/7/2012
- #>
- [CmdletBinding()]
- Param(
- [Parameter(Mandatory=$True)]
- [String]$Identity
- )
- Begin
- {
- $DCCounter = 0
- $LockedOutStats = @()
- Try
- {
- Import-Module ActiveDirectory -ErrorAction Stop
- }
- Catch
- {
- Write-Warning $_
- Break
- }
- }#end begin
- Process
- {
- #Get all domain controllers in domain
- $DomainControllers = Get-ADDomainController -Filter *
- $PDCEmulator = ($DomainControllers | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
- Write-Verbose "Finding the domain controllers in the domain"
- Foreach($DC in $DomainControllers)
- {
- $DCCounter++
- Write-Progress -Activity "Contacting DCs for lockout info" -Status "Querying $($DC.Hostname)" -PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
- Try
- {
- $UserInfo = Get-ADUser -Identity $Identity -Server $DC.Hostname -Properties AccountLockoutTime,LastBadPasswordAttempt,BadPwdCount,LockedOut -ErrorAction Stop
- }
- Catch
- {
- Write-Warning $_
- Continue
- }
- If($UserInfo.LastBadPasswordAttempt)
- {
- $LockedOutStats += New-Object -TypeName PSObject -Property @{
- Name = $UserInfo.SamAccountName
- SID = $UserInfo.SID.Value
- LockedOut = $UserInfo.LockedOut
- BadPwdCount = $UserInfo.BadPwdCount
- BadPasswordTime = $UserInfo.BadPasswordTime
- DomainController = $DC.Hostname
- AccountLockoutTime = $UserInfo.AccountLockoutTime
- LastBadPasswordAttempt = ($UserInfo.LastBadPasswordAttempt).ToLocalTime()
- }
- }#end if
- }#end foreach DCs
- $LockedOutStats | Format-Table -Property Name,LockedOut,DomainController,BadPwdCount,AccountLockoutTime,LastBadPasswordAttempt -AutoSize
- #Get User Info
- Try
- {
- Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
- $LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
- }
- Catch
- {
- Write-Warning $_
- Continue
- }#end catch
- Foreach($Event in $LockedOutEvents)
- {
- If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
- {
- $Event | Select-Object -Property @(
- @{Label = 'User'; Expression = {$_.Properties[0].Value}}
- @{Label = 'DomainController'; Expression = {$_.MachineName}}
- @{Label = 'EventId'; Expression = {$_.Id}}
- @{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
- @{Label = 'Message'; Expression = {$_.Message -split "`r" | Select -First 1}}
- @{Label = 'LockedOutLocation'; Expression = {$_.Properties[1].Value}}
- )
- }#end ifevent
- }#end foreach lockedout event
- }#end process
- }#end function
- 本文转自 VirtualTom 51CTO博客,原文链接:http://blog.51cto.com/virtualtom/1130179,如需转载请自行联系原作者
