PowerShell function to find the location where an Active Directory user was locked out

In case an Active Directory user gets frequently locked out, you can use this PowerShell function to check on which computer the lockout occurs. It does so by querying the Security Event Logs of the Domain Controllers. Once you have determined on which computer the lockout occurs, you still need to find out what exactly is causing the account lockout. This can be a manual drive mapping, a service running under the user account, an ODBC connection, etc.

Get the most current version of this script at GitHub.

Leave a Reply

Your email address will not be published. Required fields are marked *