Finding Locked Out Users

Posted by Bart Silverstrim on Server Fault
Published on 2011-02-04T14:46:28Z Indexed on 2011/02/04 15:27 UTC

Active Directory up to 2008 network (our servers are a mix of 2008, 2003...)

I'm looking for a quick way to query AD to find out what users are locked out, preferably from a batch or script file, to monitor for possible issues with either user accounts being attacked by an automated attack or just anomalies in the network.

I've Googled and my Google-fu has failed; I found a query off Microsoft's own knowledgebase that cites a string to use on Server 2003 with the management snap-in's saved queries (http://support.microsoft.com/kb/555131) but when I entered it, the query returned 400 users that a spot-check showed did NOT have a checkmark in the "Account is locked out" box under "account." In fact, I don't see anything wrong with their accounts.

Is there a simple utility (wisesoft bulkadusers apparently uses this method behind the scenes, since its results were also wrong) that will give a count of users and possibly their user object names? Script? Something?
