Advertisement
guyrleech

Get AD account lockout from all DCs

Jul 11th, 2024
652
1
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PowerShell 0.51 KB | Source Code | 1 0
  1. ## Get all domain controllers for current domain and retrieve AD account lock events, going back a given period in time and showing which account and where it was locked from
  2.  
  3. [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers.name | % { Get-WinEvent -FilterHashtable @{ LogName = 'Security' ; Id = 4740 ; StartTime = [datetime]::Now.AddDays( -7 ) } -ComputerName $_|select timecreated,MachineName,@{n='Account';e={$_.properties[0].value}},@{n='From';e={$_.properties[1].value}}}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement