Monitor AD Account for lock in PowerShell
Fri, Dec 31, 2010

The function below can be used to monitor an AD account to see if it’s locked. If it is, it will automatically unlock the account and log it to the screen. I wrote this quickly for a service account that continued to lock, and we used it to keep the account unlocked until the source of the failed logins could be found. As you can see, it does require the Get-QADUser and Unlock-QADUser cmdlets from Quest.

```powershell
Function Monitor-AccountForLock([string]$name,[int]$sec)
{
    # Poll until interrupted (Ctrl+C)
    While ($true){
        If ($(Get-QADUser $name).AccountIsLockedOut){
            Write-Host "$((Get-Date).ToShortTimeString()) : Account is locked! Unlocking!"
            Unlock-QADUser $name
        }
        Else {Write-Host "$((Get-Date).ToShortTimeString()) : Account is not locked."}
        # Wait $sec seconds before checking again
        Sleep $sec
    }
}
```
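
The same loop written against Microsoft's ActiveDirectory module (RSAT) instead of the Quest cmdlets, as an added example that is not the author's code: it caps the number of automatic unlocks and records the caller computer from event 4740 on the PDC emulator, to help trace where the failed logins come from. The function name `Watch-AccountLockout`, its parameters and the CSV path are hypothetical, and it assumes read access to the PDC emulator's Security log.

```powershell
# Added example: assumes the RSAT ActiveDirectory module and read access to the
# PDC emulator's Security log. Function and parameter names are hypothetical.
Import-Module ActiveDirectory

function Watch-AccountLockout {
    param(
        [Parameter(Mandatory)][string]$Name,
        [int]$Sec = 60,
        [int]$MaxUnlocks = 20,                      # stop auto-unlocking after this many
        [string]$LogPath = ".\lockout-${Name}.csv"
    )
    $pdc     = (Get-ADDomain).PDCEmulator           # lockouts are logged here as event 4740
    $filter  = @{ LogName = 'Security'; Id = 4740 }
    $unlocks = 0

    while ($unlocks -lt $MaxUnlocks) {
        $user = Get-ADUser -Identity $Name -Properties LockedOut
        if ($user.LockedOut) {
            # Newest 4740 for this account: Properties[0] = account, [1] = caller computer
            $evt = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -MaxEvents 50 -ErrorAction SilentlyContinue |
                   Where-Object { $_.Properties[0].Value -eq $user.SamAccountName } |
                   Select-Object -First 1
            $source = if ($evt) { $evt.Properties[1].Value } else { 'unknown' }

            # Keep a record of every lockout so the pattern can be reviewed later
            [pscustomobject]@{
                Time    = Get-Date -Format s
                Account = $user.SamAccountName
                Source  = $source
            } | Export-Csv -Path $LogPath -Append -NoTypeInformation

            Write-Host "$(Get-Date -Format t) : $Name locked (source: $source). Unlocking."
            Unlock-ADAccount -Identity $user
            $unlocks++
        }
        else {
            Write-Host "$(Get-Date -Format t) : $Name is not locked."
        }
        Start-Sleep -Seconds $Sec
    }
    Write-Warning "Reached $MaxUnlocks unlocks for $Name; stopping. Review $LogPath."
}
```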