It isn’t difficult to find locked-out user account information from Active Directory as long as you use PowerShell. The PowerShell cmdlet Search-ADAccount can provide you with a list of user accounts that have been locked out of the system, as is shown in the following PowerShell command:
Search-ADAccount -LockedOut -UsersOnly -ResultPageSize 2000 -resultSetSize $null | Select-Object Name, SamAccountName, DistinguishedName | Export-CSV “C:\Temp\LockedOutUsers.CSV” -NoTypeInformation
As you can see in the command above, the Search-ADAccount cmdlet supports specifying the LockedOut switch that only targets locked-out accounts. We have also specified the UsersOnly switch to ensure that the Search-ADAccount cmdlet targets only user accounts. As part of the command, we are exporting output to a CSV file for easy tracking.
Need more PowerShell scripts for Active Directory? Find all the top wanted PowerShell commands for Active Directory in one blog post.