FRIHOSTFORUMSSEARCHFAQTOSBLOGSCOMPETITIONS
You are invited to Log in or Register a free Frihost Account!

Powershell - Lockoutstatus




This is basically a powershell implementation of LockoutStatus

I've written this a while ago and it's a quick and dirty script that I needed to coock up fast.
this could be improved by using the pipeline and the ADUser object as input but it get's the job done.

Code:
function Get-LockoutStatus{
<#
.Synopsis
   Gets a user's lockout status from all domain controllers
.DESCRIPTION
   Gets a user's lockout status from all domain controllers
.PARAMETER UserName
The username to check
.EXAMPLE   
Get-Lockoutstatus -UserName testuser
Gets the lockout status for the user 'testuser' from all Domain Controllers.

.NOTES
author: Marcuzzo
#>

    [CmdletBinding()]
    param(
        [Parameter( Mandatory = $true )]
        [string] $UserName
    )

    begin
    {   
        Add-Type -AssemblyName "System.DirectoryServices.AccountManagement"
        [System.DirectoryServices.ActiveDirectory.Domain] $ADDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    }

    process
    {
       
       foreach( $DomainController in $ADDomain.DomainControllers )
       {
       
        [System.DirectoryServices.AccountManagement.PrincipalContext] $PrincipalContext = New-Object `
            -TypeName System.DirectoryServices.AccountManagement.PrincipalContext `
            -ArgumentList ([System.DirectoryServices.AccountManagement.ContextType]::Domain), $DomainController.Name

        [System.DirectoryServices.AccountManagement.UserPrincipal] $UserPrincipal = New-Object `
            -TypeName System.DirectoryServices.AccountManagement.UserPrincipal `
            -ArgumentList $PrincipalContext

        $UserPrincipal.SamAccountName = $UserName

        [System.DirectoryServices.AccountManagement.PrincipalSearcher] $PrincipalSearcher = New-Object `
            -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($UserPrincipal)

        $SearchResult = $PrincipalSearcher.FindAll()

        foreach( $principal in $SearchResult )
        {
                   
            $object = New-Object –TypeName PSObject
            $object | Add-Member –MemberType NoteProperty –Name DomainController –Value $DomainController.Name
            $object | Add-Member –MemberType NoteProperty –Name Site –Value $DomainController.SiteName
            $object | Add-Member –MemberType NoteProperty –Name IsLockedOut –Value $principal.IsAccountLockedOut()
            $object | Add-Member –MemberType NoteProperty –Name LastBadPasswordAttempt –Value $principal.LastBadPasswordAttempt
            $object | Add-Member –MemberType NoteProperty –Name LastPasswordSet –Value $principal.LastPasswordSet
            $object | Add-Member –MemberType NoteProperty –Name AccountLockoutTime –Value $principal.AccountLockoutTime
            $object | Add-Member –MemberType NoteProperty –Name BadPwdCount –Value $principal.BadLogonCount

            Write-Output $object   
           
        }

        $PrincipalSearcher.Dispose()
        $UserPrincipal.Dispose()
        $PrincipalContext.Dispose()

       }
   
    }

    end
    {
        $ADDomain.Dispose()
    }
   
}




Hope this will be usefull to anybody



0 blog comments below




FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.