PowerShell Script to Identify Locked Users

PowerShell Script to Identify Locked Users

by

Managing user accounts and security is a crucial aspect of maintaining a healthy Active Directory environment. One common scenario administrators encounter is identifying and managing locked user accounts. In this blog post, we’ll explore a PowerShell script that makes it easy to pinpoint locked users in Active Directory.

Prerequisites:

Before diving into the script, ensure that you have the necessary permissions and the Active Directory module installed on your machine. You can install the module by adding the “Remote Server Administration Tools (RSAT)” feature.

The PowerShell Script:

# Import the Active Directory module
Import-Module ActiveDirectory

# Get locked users in Active Directory
$lockedUsers = Get-ADUser -Filter {LockedOut -eq $true} -Properties SamAccountName,LockedOut

# Display the locked users
foreach ($user in $lockedUsers) {
    Write-Host "User: $($user.SamAccountName) is locked out."
}

How to Use:

  1. Save the Script: Save the script with a .ps1 extension (e.g., Get-LockedUsers.ps1).
  2. Run the Script: Open a PowerShell window, navigate to the directory where the script is saved, and execute the script using the following command: .\Get-LockedUsers.ps1

Understanding the Script:

  • Import-Module ActiveDirectory: This line imports the Active Directory module, allowing the use of cmdlets related to Active Directory.
  • Get-ADUser -Filter {LockedOut -eq $true} -Properties SamAccountName,LockedOut: This cmdlet retrieves user accounts that are currently locked out. It filters users based on the ‘LockedOut’ property being equal to $true and fetches additional properties like SamAccountName for display.
  • foreach ($user in $lockedUsers): Iterates through the collection of locked users retrieved from the previous step.
  • Write-Host “User: $($user.SamAccountName) is locked out.”: Displays the SamAccountName of each locked user.

This PowerShell script simplifies the process of identifying locked users in your Active Directory environment. Regularly running this script can help administrators stay on top of security, promptly addressing locked accounts and ensuring a smooth user experience.