Overview

Module: ActiveDirectory

The Active Directory module requires RSAT tools for Windows.

manage user accounts

locked accounts

Find locked user accounts:

Search-ADAccount -LockedOut

Unlock user accounts:

Unlock-ADAccount -Identity 'lockeduser'

Or, both in one command:

Search-ADAccount -LockedOut | Unlock-ADAccount

find the source of locked accounts

  1. Find the Domain Controller with the PDCe role:

    $pdce = (Get-ADDomain).PDCEmulator
    
  2. Check the Event Log for lockouts (ID 4740):

    $filter = @{'LogName' = 'Security'; 'Id' = 4740}
    $events = Get-WinEvent -ComputerName $pdce -FilterHashtable $filter
    # Properties[0] is the locked account, Properties[1] the computer the lockout came from
    $events | Select-Object @{'Name' = 'UserName'; Expression = {$_.Properties[0].Value}}, @{'Name' = 'ComputerName'; Expression = {$_.Properties[1].Value}}
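
Added example (not part of the original notes): summarising the 4740 events from step 2 per user and calling computer, so a repeating lockout source stands out. The names `Get-LockoutSummary` and `New-SampleEvent` and the sample users and hosts are constructed for illustration.

```powershell
# Summarise lockout events (ID 4740) per user and calling computer.
function Get-LockoutSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$LockoutEvent
    )
    begin { $records = [System.Collections.Generic.List[object]]::new() }
    process {
        # The caller field can be empty; keep those rows visible instead of dropping them.
        $caller = [string]$LockoutEvent.Properties[1].Value
        if ([string]::IsNullOrWhiteSpace($caller)) { $caller = '(blank)' }
        $records.Add([pscustomobject]@{
            UserName       = [string]$LockoutEvent.Properties[0].Value
            CallerComputer = $caller
            TimeCreated    = $LockoutEvent.TimeCreated
        })
    }
    end {
        $records | Group-Object UserName, CallerComputer | ForEach-Object {
            $times = $_.Group.TimeCreated | Sort-Object
            [pscustomobject]@{
                UserName       = $_.Group[0].UserName
                CallerComputer = $_.Group[0].CallerComputer
                Lockouts       = $_.Count
                First          = $times | Select-Object -First 1
                Last           = $times | Select-Object -Last 1
            }
        } | Sort-Object Lockouts -Descending
    }
}

# Constructed sample events (not real log data), shaped like Get-WinEvent output.
function New-SampleEvent($Time, $User, $Caller) {
    [pscustomobject]@{
        TimeCreated = [datetime]$Time
        Properties  = @([pscustomobject]@{Value = $User}, [pscustomobject]@{Value = $Caller})
    }
}
$sample = @(
    New-SampleEvent '2024-01-10 08:01' 'jdoe'   'WKS-017'
    New-SampleEvent '2024-01-10 08:16' 'jdoe'   'WKS-017'
    New-SampleEvent '2024-01-10 08:31' 'jdoe'   'WKS-017'
    New-SampleEvent '2024-01-10 09:05' 'asmith' ''
)
$sample | Get-LockoutSummary | Format-Table -AutoSize

# Live use: Get-WinEvent -ComputerName $pdce -FilterHashtable $filter | Get-LockoutSummary
```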
    

find an ad user by property

Get-ADUser -Filter "EmployeeNumber -eq '000024'" -Properties *