Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How can I verify if an AD account is locked?

Tags:

powershell

active-directory

I want to know if it is possible to verify if a specific AD account is locked.

The command Get-ADUser does not return this parameter :

 -------------------------- EXAMPLE 3 --------------------------

 Command Prompt: C:\PS>
 Get-ADUser GlenJohn -Properties * 


  - Surname : John 
  - Name : Glen John
  - UserPrincipalName : jglen
  - GivenName : Glen
  - Enabled : False
  - SamAccountName : GlenJohn
  - ObjectClass :
  - user SID :S-1-5-21-2889043008-4136710315-2444824263-3544
  - ObjectGUID :e1418d64-096c-4cb0-b903-ebb66562d99d
  - DistinguishedName : CN=Glen John,OU=NorthAmerica,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM

 Description :
 -----------

 Get all properties of the user with samAccountName 'GlenJohn'.

 --------------------------END EXAMPLE --------------------------

Is there an other way to get this information ?

like image 974
Vinc 웃 Avatar asked Nov 20 '14 15:11

Vinc 웃

3 Answers

The LockedOut property is what you are looking for among all the properties you returned. You are only seeing incomplete output in TechNet. The information is still there. You can isolate that one property using Select-Object 

Get-ADUser matt -Properties * | Select-Object LockedOut

LockedOut
---------
False

The link you referenced doesn't contain this information which is obviously misleading. Test the command with your own account and you will see much more information.

Note: Try to avoid -Properties *. While it is great for simple testing it can make queries, especially ones with multiple accounts, unnecessarily slow. So, in this case, since you only need lockedout:

Get-ADUser matt -Properties LockedOut | Select-Object LockedOut
like image 62
Matt Avatar answered Nov 07 '22 17:11

Matt

Here's another one:

PS> Search-ADAccount -Locked | Select Name, LockedOut, LastLogonDate

Name                                       LockedOut LastLogonDate
----                                       --------- -------------
Yxxxxxxx                                        True 14/11/2014 10:19:20
Bxxxxxxx                                        True 18/11/2014 08:38:34
Administrator                                   True 03/11/2014 20:32:05

Other parameters worth mentioning:

Search-ADAccount -AccountExpired
Search-ADAccount -AccountDisabled
Search-ADAccount -AccountInactive

Get-Help Search-ADAccount -ShowWindow
like image 21
evilSnobu Avatar answered Nov 07 '22 16:11

evilSnobu

If you want to check via command line , then use command "net user username /DOMAIN"

enter image description here

like image 14
Aniket Warey Avatar answered Nov 07 '22 16:11

Aniket Warey
Sign in to Comment

Related questions

Suppress output from non-PowerShell commands?
How do I change my IIS Express SSL certificate for one that will work with Chrome 58+?
Powershell, output xml to screen
Determine the OS version, Linux and Windows from Powershell
Get last n lines or bytes of a huge file in Windows (like Unix's tail). Avoid time consuming options
Invoke-WebRequest : Cannot bind parameter 'Headers'
How to call Static method in powershell
What's the difference between single quote and double quote to define a string in powershell
Set-Content appends a newline (line break, CRLF) at the end of my file
Create PSCredential without a password
How to Use Powershell to execute a program against all files in a directory
Powershell New-WebApplication
How do I use PowerShell to Validate XML files against an XSD?
Is there a PowerShell "string does not contain" cmdlet or syntax?
Is there a single PowerShell command to copy and rename files?
Saving credentials for reuse by powershell and error ConvertTo-SecureString : Key not valid for use in specified state
How to Login without prompt?
Powershell saving XML and preserving format
Export-CSV exports length but not name
How do I set an env variable in PowerShell if it doesn't exist?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!