有没有方法列出用户AD 用户在哪里lockout呢?可以参考如下微软网站上列出的Powershell 模板
#Requires -Version 2.0
Function Get-LockedOutLocation
{
<#
.SYNOPSIS
This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
.DESCRIPTION
This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
The locked out location is found by querying the PDC Emulator for locked out events (4740).
The function will display the BadPasswordTime attribute on all of the domain controllers to add in further troubleshooting.
.EXAMPLE
PS C:\>Get-LockedOutLocation -User Joe.Davis
This example will find the locked out location for Joe Davis.
.NOTE
This function is only compatible with an environment where the domain controller with the PDCe role to be running Windows Server 2008 SP2 and up.
The script is also dependent the ActiveDirectory PowerShell module, which requires the AD Web services to be running on at least one domain controller.
Author:Jason Walker
Last Modified: 12/7/2012
#>
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True)]
[String]$Identity
)
Begin
{
$DCCounter = 0
$LockedOutStats = @()
Try
{
Import-Module ActiveDirectory -ErrorAction Stop
}
Catch
Write-Warning $_
Break
}#end begin
Process
{
#Get all domain controllers in domain
$DomainControllers = Get-ADDomainController -Filter *
$PDCEmulator = ($DomainControllers | Where-Object {$_.OperationMasterRoles -contains "PDCEmulator"})
Write-Verbose "Finding the domain controllers in the domain"
Foreach($DC in $DomainControllers)
$DCCounter++
Write-Progress -Activity "Contacting DCs for lockout info" -Status "Querying $($DC.Hostname)" -PercentComplete (($DCCounter/$DomainControllers.Count) * 100)
Try
{
$UserInfo = Get-ADUser -Identity $Identity -Server $DC.Hostname -Properties AccountLockoutTime,LastBadPasswordAttempt,BadPwdCount,LockedOut -ErrorAction Stop
}
Catch
Write-Warning $_
Continue
If($UserInfo.LastBadPasswordAttempt)
{
$LockedOutStats += New-Object -TypeName PSObject -Property @{
Name = $UserInfo.SamAccountName
SID = $UserInfo.SID.Value
LockedOut = $UserInfo.LockedOut
BadPwdCount = $UserInfo.BadPwdCount
BadPasswordTime = $UserInfo.BadPasswordTime
DomainController = $DC.Hostname
AccountLockoutTime = $UserInfo.AccountLockoutTime
LastBadPasswordAttempt = ($UserInfo.LastBadPasswordAttempt).ToLocalTime()
}
}#end if
}#end foreach DCs
$LockedOutStats | Format-Table -Property Name,LockedOut,DomainController,BadPwdCount,AccountLockoutTime,LastBadPasswordAttempt -AutoSize
#Get User Info
{
Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
$LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName='Security';Id=4740} -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
Catch
{
Continue
}#end catch
Foreach($Event in $LockedOutEvents)
{
If($Event | Where {$_.Properties[2].value -match $UserInfo.SID.Value})
{
$Event | Select-Object -Property @(
@{Label = 'User'; Expression = {$_.Properties[0].Value}}
@{Label = 'DomainController'; Expression = {$_.MachineName}}
@{Label = 'EventId'; Expression = {$_.Id}}
@{Label = 'LockedOutTimeStamp'; Expression = {$_.TimeCreated}}
@{Label = 'Message'; Expression = {$_.Message -split "`r" | Select -First 1}}
@{Label = 'LockedOutLocation'; Expression = {$_.Properties[1].Value}}
)
}#end ifevent
}#end foreach lockedout event
}#end process
}#end function
本文转自 VirtualTom 51CTO博客,原文链接:http://blog.51cto.com/virtualtom/1130179,如需转载请自行联系原作者
![“云管边端”协同的边缘计算安全防护解决方案0 引 言1 5G 及边缘计算2 边缘计算面临的风险3 “云管边端”安全防护技术4 “云管边端”安全防护实践5 结 语[图]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)