Apr 16 2020 04:11 AM
Hi,
Within minutes of searching, I was able to find the script below which determines if an Active Directory account is locked:
Get-ADUser myaccount -Properties LockedOut | Select -Object LockedOut
However, after almost 1.5 hours of searching, I can't find a script that will tell me if a local account is locked!
Does anyone have a script for that?
Apr 16 2020 08:16 AM
Locked has a different meaning in AD, compared to Azure AD (where it basically means "blocked"). So depending on which one you're after, check either the lockoutTime attribute or the relevant "bit" of the UserAccountControl attribute: https://support.microsoft.com/en-ca/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-acc...
Apr 20 2020 06:52 PM
Apr 28 2020 10:38 PM
Apr 28 2020 11:40 PM
Thanks.
I tried the below on the server but it just hangs. PDB0V is the server name and SSRS is a local account on that server.
get-wmiObject -class win32_userAccount -computerName PDB0V| where-object {$_.name -like '*SSRS*'} | select-object -property status, lockOut, SID, disabled*
May 04 2020 05:48 PM
Mar 21 2022 10:49 AM
Realizing this post is old, try this on the system itself...
net user <username>
The output can be parsed to check for a line stating "Account Active Yes"
Mar 22 2022 02:22 PM