04-16-2020 04:11 AM
Hi,
Within minutes of searching, I was able to find the script below which determines if an Active Directory account is locked:
Get-ADUser myaccount -Properties LockedOut | Select -Object LockedOut
However, after almost 1.5 hours of searching, I can't find a script that will tell me if a local account is locked!
Does anyone have a script for that?
04-16-2020 08:16 AM
Locked has a different meaning in AD, compared to Azure AD (where it basically means "blocked"). So depending on which one you're after, check either the lockoutTime attribute or the relevant "bit" of the UserAccountControl attribute: https://support.microsoft.com/en-ca/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-acc...
04-20-2020 06:52 PM
04-28-2020 10:38 PM
04-28-2020 11:40 PM
Thanks.
I tried the below on the server but it just hangs. PDB0V is the server name and SSRS is a local account on that server.
get-wmiObject -class win32_userAccount -computerName PDB0V| where-object {$_.name -like '*SSRS*'} | select-object -property status, lockOut, SID, disabled*
05-04-2020 05:48 PM