A PowerShell Version 1 script to find all accounts that are experiencing bad password attempts. The script finds all accounts where the badPwdCount attribute has a value greater than 0. This attribute is not replicated, so every domain controller in the domain must be queried. For each account found on each domain controller, the script outputs the values of the distinguishedName, sAMAccountName, logonCount, badPwdCount, and badPasswordTime attributes. The last three values are not replicated, so they will be different on every DC. The values are output in comma-delimited format, so if the output is redirected to a text file, the file can be opened in Microsoft Excel. The DC with the PDC Emulator role is identified by appending the string "(PDCe)". All bad password attempts are forwarded to the PDC Emulator.
FindBadPwdAttempts.txt <<-- Click here to view or download the program
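
The per-DC query described above can be sketched as follows. This is an added example, not the FindBadPwdAttempts program itself: it assumes PowerShell 2.0 or later (for try/catch and -join) on a domain-joined machine, and the helper names Get-First and Quote are hypothetical.

```powershell
# Added example, not the original FindBadPwdAttempts script. Needs PowerShell 2.0+.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name
$baseDN = $domain.GetDirectoryEntry().distinguishedName
$attrs  = "distinguishedname", "samaccountname", "logoncount", "badpwdcount", "badpasswordtime"

# Hypothetical helper: first value of an attribute, or "" when it is absent.
function Get-First($result, $name) {
    if ($result.Properties.Contains($name)) { return $result.Properties[$name][0] }
    return ""
}

# Hypothetical helper: quote a CSV field (distinguished names contain commas).
function Quote($value) { '"' + ([string]$value).Replace('"', '""') + '"' }

"DC,distinguishedName,sAMAccountName,logonCount,badPwdCount,badPasswordTime"
foreach ($dc in $domain.DomainControllers) {
    $label = $dc.Name
    if ($dc.Name -eq $pdc) { $label = "$($dc.Name) (PDCe)" }

    # Bind to this specific DC: the counters are not replicated.
    $root = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)/$baseDN")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    # LDAP filters have no ">" operator, so "greater than 0" is written ">=1".
    $searcher.Filter = "(badPwdCount>=1)"
    $searcher.PageSize = 200   # page results so large domains are not truncated
    foreach ($a in $attrs) { [void]$searcher.PropertiesToLoad.Add($a) }

    try {
        $results = $searcher.FindAll()
        foreach ($r in $results) {
            # badPasswordTime is a 64-bit FILETIME; 0 means no bad attempt recorded.
            $raw  = Get-First $r "badpasswordtime"
            $when = "Never"
            if ($raw -gt 0) { $when = [DateTime]::FromFileTime([Int64]$raw).ToString("yyyy-MM-dd HH:mm:ss") }
            $fields = $label, (Get-First $r "distinguishedname"), (Get-First $r "samaccountname"),
                      (Get-First $r "logoncount"), (Get-First $r "badpwdcount"), $when
            ($fields | ForEach-Object { Quote $_ }) -join ","
        }
        $results.Dispose()
    } catch {
        # An unreachable DC should not stop the sweep of the remaining DCs.
        Write-Warning "Could not query $($dc.Name): $($_.Exception.Message)"
    }
}
```

Timestamps are printed in the local time zone of the machine running the script, and warnings about unreachable DCs go to the warning stream, so they stay out of a redirected CSV file.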