cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to determine if a local account is locked?

bikhod
Occasional Contributor

‎Apr 16 2020 04:11 AM

‎Apr 16 2020 04:11 AM

How to determine if a local account is locked?

Hi,

 

Within minutes of searching, I was able to find the script below which determines if an Active Directory account is locked:

 

Get-ADUser myaccount -Properties LockedOut | Select -Object LockedOut

 

However, after almost 1.5 hours of searching, I can't find a script that will tell me if a local account is locked!

 

Does anyone have a script for that?

 

Labels:
17.7K Views
0 Likes
7 Replies
Reply
7 Replies
Vasil Michev

‎Apr 16 2020 08:16 AM

‎Apr 16 2020 08:16 AM

Re: How to determine if a local account is locked?

Locked has a different meaning in AD, compared to Azure AD (where it basically means "blocked"). So depending on which one you're after, check either the lockoutTime attribute or the relevant "bit" of the UserAccountControl attribute: https://support.microsoft.com/en-ca/help/305144/how-to-use-useraccountcontrol-to-manipulate-user-acc...

0 Likes
Reply
Animesh Joshi

‎Apr 20 2020 06:52 PM

‎Apr 20 2020 06:52 PM

Re: How to determine if a local account is locked?

You can use win32_userAccount WMI class to do a remote query on a computer hosting the local account you want to get lockOut status of

get-wmiObject -class win32_userAccount -computerName <remote-computer> | where-object {$_.name -like 'localAcc1*'} | select-object -property status, lockOut, SID, disabled
1 Like
Reply
bikhod

‎Apr 28 2020 10:38 PM

‎Apr 28 2020 10:38 PM

Re: How to determine if a local account is locked?

@Vasil Michev 

 

Thanks. I am using Windows Enterprise Server and not Azure. 

 

0 Likes
Reply
bikhod

‎Apr 28 2020 11:40 PM

‎Apr 28 2020 11:40 PM

Re: How to determine if a local account is locked?

@Animesh Joshi 

 

Thanks.

 

I tried the below on the server but it just hangs.  PDB0V is the server name and SSRS is a local account on that server.

 

get-wmiObject -class win32_userAccount -computerName PDB0V| where-object {$_.name -like '*SSRS*'} | select-object -property status, lockOut, SID, disabled*

0 Likes
Reply
Animesh Joshi

‎May 04 2020 05:48 PM

‎May 04 2020 05:48 PM

Re: How to determine if a local account is locked?

Do you get any warnings/error messages?
Any reason you've added an asterisk '*' after disabled property
Have you tried putting FQDN of the server PDB0V
0 Likes
Reply
Kcmjr

‎Mar 21 2022 10:49 AM

‎Mar 21 2022 10:49 AM

Re: How to determine if a local account is locked?

@bikhod 

Realizing this post is old, try this on the system itself...

 

net user <username>

 

The output can be parsed to check for a line stating "Account Active       Yes" 

1 Like
Reply
TechThatworks

‎Mar 22 2022 02:22 PM

‎Mar 22 2022 02:22 PM

Re: How to determine if a local account is locked?

Hi
I know this post is kind of old, but maybe people finding this post are still looking for a solution. I believe this is the most simple command to find locked accounts in Active directory:

Search-ADAccount –LockedOut
0 Likes
Reply