PowerShell Version 1 script to assist in troubleshooting accounts experiencing bad password attempts. It can also be used to investigate how accounts get locked out in Active Directory. The script finds the values of the sAMAccountName, pwdLastSet, lockoutTime, lastLogon, logonCount, badPwdCount, and badPasswordTime attributes for a specified account. The last 4 attributes are not replicated, so a different value is saved on every domain controller in the domain. A separate line of output is generated for each domain controller.

The script prompts for either the distinguished name or the sAMAccountName of an account. You can also pass either the distinguished name or sAMAccountName to the script as a parameter. The script outputs in comma-delimited format. If the output is redirected to a text file, it can be opened in Microsoft Excel. The DC with the PDC Emulator role is identified by appending the string "(PDCe)".

FindUserBadPwdAttempts.txt <<-- Click here to view or download the program
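
The per-DC query described above can be sketched as follows. This is an added example, not the FindUserBadPwdAttempts script itself; it assumes PowerShell 2.0 or later (for try/catch), a domain-joined host, and lookup by sAMAccountName only. The helper function names are hypothetical.

```powershell
# Added example (not the original script). Assumes PowerShell 2.0+ on a domain-joined host.
param([string]$Account = $(Read-Host "sAMAccountName"))

# Escape LDAP filter metacharacters (RFC 4515) so the supplied name cannot alter the query.
function Escape-LdapFilter([string]$s) {
    $s = $s.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    return $s.Replace([string][char]0, '\00')
}

# Time attributes count 100-ns intervals since 1601-01-01 UTC; 0 or absent means never.
function Convert-FileTime($v) {
    if ($v -eq $null -or [Int64]$v -le 0) { return "Never" }
    return [DateTime]::FromFileTimeUtc([Int64]$v).ToString("u")
}

# Return the first value of an attribute, or $null when this DC holds no value for it.
function Get-Value($props, [string]$name) {
    if ($props.Contains($name)) { return $props[$name][0] }
    return $null
}

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name
$baseDN = ([ADSI]"LDAP://RootDSE").defaultNamingContext
$filter = "(sAMAccountName=$(Escape-LdapFilter $Account))"
[string[]]$attrs = "samaccountname","pwdlastset","lockouttime","lastlogon",
                   "logoncount","badpwdcount","badpasswordtime"

"DC,sAMAccountName,pwdLastSet,lockoutTime,lastLogon,logonCount,badPwdCount,badPasswordTime"
foreach ($dc in $domain.DomainControllers) {
    $label = $dc.Name
    if ($dc.Name -eq $pdc) { $label = "$label (PDCe)" }
    try {
        # Bind to this specific DC so the non-replicated values are read from it.
        $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)/$baseDN")
        $searcher = New-Object System.DirectoryServices.DirectorySearcher($root, $filter, $attrs)
        $r = $searcher.FindOne()
        if ($r -eq $null) { "$label,<account not found>"; continue }
        $p = $r.Properties
        $row = @($label, (Get-Value $p "samaccountname"),
                 (Convert-FileTime (Get-Value $p "pwdlastset")),
                 (Convert-FileTime (Get-Value $p "lockouttime")),
                 (Convert-FileTime (Get-Value $p "lastlogon")),
                 (Get-Value $p "logoncount"), (Get-Value $p "badpwdcount"),
                 (Convert-FileTime (Get-Value $p "badpasswordtime")))
        $row -join ","
    } catch {
        "$label,<query failed>"   # DC unreachable or bind refused; keep going
    }
}
```

When reading the output, the row with the most recent badPasswordTime shows which DC processed the latest failed attempt. Times are printed in UTC.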