Locked users and location of lockout only for specific OU

Hi,

Does somebody have a working script for this purpose?

I have a working script that searches for locked users in a specific OU, exports this to CSV and sends mail…

I need to know the location where these users are locked…

Something like this, but only for a specific OU or only for users (samaccounts) from a CSV:

User LockoutTimeStamp LockoutSource

User 27/04/2020 9:07:42 OFK-NAS

Thank you

You will need to query every single DC’s eventlog for that information.

Even if only one DC has a PDC emulator?

And how can I do it?

10x

Have you searched? This is covered many many times…

https://devblogs.microsoft.com/scripting/use-powershell-to-find-the-location-of-a-locked-out-user/

[quote quote=222912]Have you searched? This is covered many many times…

Use PowerShell to Find the Location of a Locked-Out User

[/quote]
I have been on this page a lot of times… believe me, I have searched…

I can't see on this page a working example for a specific OU, not the whole domain.

Finding a script that fits exactly what you want is more luck than probable. Get-ADUser has a parameter to limit the scope to an OU, you just need to update the command to return what you want:

-SearchBase Specifies an Active Directory path to search under.

When you run a cmdlet from an Active Directory provider drive, the default value of this parameter is the current path of the drive.

When you run a cmdlet outside of an Active Directory provider drive against an AD DS target, the default value of this parameter is the default naming context of the target domain.

When you run a cmdlet outside of an Active Directory provider drive against an AD LDS target, the default value is the default naming context of the target LDS instance if one has been specified by setting the msDS-defaultNamingContext property of the Active Directory directory service agent (DSA) object (nTDSDSA) for the AD LDS instance. If no default naming context has been specified for the target AD LDS instance, then this parameter has no default value.

When the value of the SearchBase parameter is set to an empty string and you are connected to a GC port, all partitions will be searched. If the value of the SearchBase parameter is set to an empty string and you are not connected to a GC port, an error will be thrown.

OK, can you help me with this code? What am I doing wrong…? It works, but with 2 problems:

  1. It doesn't really check only users from one OU; I see all the locked users from the domain.

  2. The export command exports only one user to the CSV; in the PS terminal I see a lot of users, but in the mail and in the exported CSV file only one.

# $PDCEmulator is not defined in the posted snippet; it is assumed to be set earlier in the script.
$UserInfo = Search-ADAccount -LockedOut -SearchBase "OU=Users,OU=HERUM,DC=Domain,DC=GOV" -SearchScope Subtree
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
# Parse and filter out lockout events
Foreach ($Event in $LockedOutEvents)
{
    If ($Event | Where {$_.Properties[2].Value -match $UserInfo.SID.Value})
    {
        $Event | Select-Object -Property @(
            @{Label = 'User'; Expression = {$_.Properties[0].Value}}
            @{Label = 'DomainController'; Expression = {$_.MachineName}}
            @{Label = 'EventId'; Expression = {$_.Id}}
            @{Label = 'LockTime'; Expression = {$_.TimeCreated}}
            @{Label = 'Message'; Expression = {$_.Message -split "`r" | Select -First 1}}
            @{Label = 'LockLocation'; Expression = {$_.Properties[1].Value}}
        ) | Export-Csv -Path C:\pslocked\locked.csv
    }
}

if ((Get-Content "C:\pslocked\locked.csv") | %{$_ -match $UserInfo})
{
    $Header = @"
<style>
TABLE {border-width: 1px; border-style: solid; border-color: black; border-collapse: collapse;}
TH {border-width: 1px; padding: 3px; border-style: solid; border-color: black; background-color: #6495ED;}
TD {border-width: 1px; padding: 3px; border-style: solid; border-color: black;}
</style>
"@

    $user = (Import-Csv C:\pslocked\locked.csv | ConvertTo-Html -Property User, Message, LockLocation, LockTime -Head $Header)
    $mailBody =
@"
<center><b>
$user
$LockoutTimeStamp
$LockoutSource
</b></center>
"@
    Send-MailMessage -Body $mailBody -BodyAsHtml `
        -From 'Admin <admin@asdasd.com>' -To 'admin1 <mail1@asdasd.coml>', 'admin2<mail2@gfdg.com>' -Subject "locked users" -Encoding $([System.Text.Encoding]::UTF8) -Priority High -DeliveryNotificationOption OnSuccess, OnFailure -SmtpServer mailserver.com
}
else
{
    # scriptblock (placeholder in the original post)
}
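An added example, not written by any poster in this thread: one way to limit the lockout report to a single OU and write every matching user to the CSV. It builds a lookup of the SIDs that `Search-ADAccount` returns for the OU, keeps only 4740 events whose target SID is in that lookup, and exports once after all rows are collected. The OU path and CSV path are the ones from the post above; the variable names are assumptions, and it assumes the ActiveDirectory module plus rights to read the Security log on the PDC emulator.

```powershell
Import-Module ActiveDirectory

$SearchBase = 'OU=Users,OU=HERUM,DC=Domain,DC=GOV'   # OU from the thread
$CsvPath    = 'C:\pslocked\locked.csv'               # path from the thread

# 1. Locked-out user accounts under the OU only, indexed by SID string.
$lockedBySid = @{}
Search-ADAccount -LockedOut -UsersOnly -SearchBase $SearchBase -SearchScope Subtree |
    ForEach-Object { $lockedBySid[$_.SID.Value] = $_ }

if ($lockedBySid.Count -eq 0) {
    Write-Verbose "No locked-out users under $SearchBase"
    return
}

# 2. Account-lockout events (ID 4740) from the PDC emulator, as in the posted script.
$pdc = (Get-ADDomain).PDCEmulator
try {
    $events = Get-WinEvent -ComputerName $pdc -ErrorAction Stop `
        -FilterHashtable @{ LogName = 'Security'; Id = 4740 }
}
catch {
    # Get-WinEvent raises an error when no event matches the filter.
    Write-Warning "No 4740 events read from ${pdc}: $($_.Exception.Message)"
    return
}

# 3. Keep only events whose target SID (Properties[2]) belongs to the OU set,
#    then take the newest event per user.
$groups = $events |
    Where-Object { $lockedBySid.ContainsKey([string]$_.Properties[2].Value) } |
    Group-Object -Property { [string]$_.Properties[2].Value }

$report = foreach ($g in $groups) {
    $e = $g.Group | Sort-Object -Property TimeCreated -Descending | Select-Object -First 1
    [pscustomobject]@{
        User              = $e.Properties[0].Value
        DistinguishedName = $lockedBySid[$g.Name].DistinguishedName
        LockTime          = $e.TimeCreated
        LockLocation      = $e.Properties[1].Value   # caller computer name
        DomainController  = $e.MachineName
    }
}

# 4. Export once, after the loop, so every row lands in the file.
$report | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
```

The resulting CSV has one row per locked user and can be passed to the `ConvertTo-Html` and `Send-MailMessage` part of the posted script, with `-Property` updated to the column names used here.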