Help with running script

Hi all,

I have this script

$SamAccountName = Read-Host -Prompt 'Please Enter User Name'

while ($SamAccountName -ne 'Done')
{
    if ($SamAccountName -eq "")
    {
        Write-Host -ForegroundColor Magenta "User name cannot be blank!"
    }
    else
    {
        # Does the account exist at all?
        $accountExist = [bool] (Get-ADUser -Filter { SamAccountName -eq $SamAccountName })

        if ($accountExist)
        {
            # The account exists; now check whether it is locked out.
            $lockedOut = (Get-ADUser $SamAccountName -Properties LockedOut).LockedOut

            if ($lockedOut)
            {
                # Find the PDC emulator, which records the 4740 lockout events
                $PDC = (Get-ADDomainController -Filter * | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
                # Get user info
                $UserInfo = Get-ADUser -Identity $SamAccountName
                # Search PDC for lockout events with ID 4740
                $LockedOutEvents = Get-WinEvent -ComputerName $PDC.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Unique | Select-Object -First 2
                # Parse and filter out lockout events belonging to this user's SID
                Foreach ($Event in $LockedOutEvents)
                {
                    If ($Event | Where-Object {$_.Properties[2].Value -match $UserInfo.SID.Value})
                    {
                        $Event | Select-Object -Property @(
                            @{Label = 'User Name'; Expression = {$_.Properties[0].Value}}
                            @{Label = 'Domain Controller'; Expression = {$_.MachineName}}
                            @{Label = 'Lockout Time Stamp'; Expression = {$_.TimeCreated}}
                            @{Label = 'Message'; Expression = {$_.Message -split "`r" | Select-Object -First 1}}
                            @{Label = 'Lockout Source'; Expression = {$_.Properties[1].Value}}
                        )
                    }
                }
                Write-Host -ForegroundColor Yellow "The account '$SamAccountName' is locked."
            }
            else
            {
                Write-Host -ForegroundColor Green "The account '$SamAccountName' is not locked."
            }
        }
        else
        {
            Write-Host -ForegroundColor Red "The account '$SamAccountName' does not exist, please re-enter the user name."
        }
    }

    $SamAccountName = Read-Host -Prompt 'Please Enter User Name'
}

Read-Host -Prompt 'Press enter to exit'

That should tell me if the user exists in AD and if it's locked out or not. If the user is locked out, the PowerShell should tell me the lockout source device, but it's not working. Can someone help? Thanks

Hi Alex, welcome to powershell.org.

“It’s not working” is not very helpful. Help us help you! What happens? Nothing? Errors? Computer bursts into flames?


Sorry, I will explain.

The script is running but not showing me what the lock source is.

If you have AD you can run it to check what I'm talking about.

When I run

Get-ADDomainController -Filter *

I get a list of domain controllers. You’re not seeing your domain controllers with that command?

No, I can find my AD and I can find locked users, but I want to see the lock source, so I added this code

$PDC = (Get-ADDomainController -Filter * | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
# Get user info
$UserInfo = Get-ADUser -Identity $SamAccountName
# Search PDC for lockout events with ID 4740
$LockedOutEvents = Get-WinEvent -ComputerName $PDC.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Unique | Select-Object -First 2
# Parse and filter out lockout events belonging to this user's SID
Foreach ($Event in $LockedOutEvents)
{
    If ($Event | Where-Object {$_.Properties[2].Value -match $UserInfo.SID.Value})
    {
        $Event | Select-Object -Property @(
            @{Label = 'User name'; Expression = {$_.Properties[0].Value}}
            @{Label = 'Domain Controller'; Expression = {$_.MachineName}}
            @{Label = 'Lockout Time Stamp'; Expression = {$_.TimeCreated}}
            @{Label = 'Message'; Expression = {$_.Message -split "`r" | Select-Object -First 1}}
            @{Label = 'Lockout Source'; Expression = {$_.Properties[1].Value}}
        )
    }
}

but it seems like the script is not reading this, or is reading it and I don't see the result.
If you want I can show you what I mean.

Are you sure this information exists only on the PDC emulator? I seem to remember that this information is stored on that particular DC where the user couldn’t authenticate itself successfully. So you would need to query ALL possible DCs for that information about a particular user.

This was working until I added, at the end of the script,

$SamAccountName = Read-Host -Prompt 'Please Enter User Name'

so now it's not working and I don't know how to start using this.

So if you remove this does it work again?

OK, and why did you do this?

I’m confused. What?

I found the solution.
Thank you all.

How about sharing your solution here to help others with the same or a similar issue?

Thanks in advance.


Sure thing.
The solution was to change this line:

$LockedOutEvents = Get-WinEvent -ComputerName $PDC -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Unique | Select-Object -First 2

from -First 2 to -Last 2.

I would have preferred to see the code formatted as code, and to see the code including the actual solution, so that others can copy the solution right away.

But thanks anyway. :wink: :+1:

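The fix from the solution post, folded into a self-contained function (an added example, not the poster's or the thread's code). It assumes the ActiveDirectory module, read access to the PDC emulator's Security log, and the same 4740 property positions the script relies on (0 = account name, 1 = caller computer name, 2 = account SID); the Get-AccountLockoutSource name and its parameters are this example's own.

```powershell
# Added example, not the original poster's script.
# Assumes: ActiveDirectory module loaded; rights to read the PDC emulator's Security log.
function Get-AccountLockoutSource {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        [int]$MaxEvents = 2   # how many of the most recent lockouts to report
    )

    # (Get-ADDomain).PDCEmulator is already a host name string, so nothing has to be stringified.
    $pdc  = (Get-ADDomain).PDCEmulator
    $user = Get-ADUser -Identity $SamAccountName -Properties LockedOut -ErrorAction Stop

    if (-not $user.LockedOut) {
        Write-Verbose "Account '$SamAccountName' is not currently locked out; showing past lockouts only."
    }

    # The thread's bug: Sort-Object TimeCreated is ascending, so "-First 2" returned the OLDEST
    # 4740 events, which rarely belonged to the user being looked up. Sorting descending and
    # taking -First is the same result as the poster's "-Last 2" fix, but filtering on the SID
    # before trimming means the N newest events for THIS account come back, not the N newest overall.
    # SilentlyContinue: Get-WinEvent throws when no 4740 events exist at all; treat that as "none".
    $events = Get-WinEvent -ComputerName $pdc -FilterHashtable @{ LogName = 'Security'; Id = 4740 } -ErrorAction SilentlyContinue |
        Where-Object { [string]$_.Properties[2].Value -eq [string]$user.SID } |
        Sort-Object -Property TimeCreated -Descending |
        Select-Object -First $MaxEvents

    foreach ($event in $events) {
        [pscustomobject]@{
            UserName         = $event.Properties[0].Value
            DomainController = $event.MachineName
            LockoutTime      = $event.TimeCreated
            LockoutSource    = $event.Properties[1].Value   # "Caller Computer Name" in the 4740 event
            Message          = ($event.Message -split "`r?`n")[0]
        }
    }
}

# Prompt once and show the most recent lockout sources for that account.
$name = Read-Host -Prompt 'Please enter user name'
Get-AccountLockoutSource -SamAccountName $name -Verbose | Format-Table -AutoSize
```

An empty result means the PDC emulator holds no 4740 events for that account's SID; a lockout older than the Security log's retention will not be found.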