PowerShell script checks to see if an account is locked out/My first submission.

Version 1

     

    mikegaleadamlboyd

     

    # Comments #####################################################################

    # Application Name: @@Account Lockout Check

    # Created: December 6, 2016

    # Description: Checks to see if an AD user account is locked out.

    #

    # Notes:

    # This PowerShell script checks to see if an account is locked out. This script will be executed

    # by the polling engine that the node is currently assigned to. The script is written to accept

    # the account name, without the domain prefix (e.g. user_id), as the first script argument.

    #

    # prerequisites:

    # The polling engine must have the features below installed.

    # https://technet.microsoft.com/en-us/library/cc816817(v=ws.10).aspx

    #  +- Remote Server Administration Tools

    # |-+ Role Administration Tools

    # |-+ AD DS and AD LDS Tools

    # |-+ Active Directory module for Windows PowerShell.

     

     

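    # Account lockout check.
    #
    # Input:  $args[0] - the SamAccountName to look up (no domain prefix).
    # Output: one "Message.0:" line and one "Statistic.0:" line on the host:
    #            1  the account is locked
    #            0  the account is not locked
    #           -5  the account was not found, or the lookup itself failed
    # Exit:   always 0; the result is carried by the Statistic.0 value.

    # Get the account name from the first script argument.
    $SamAccountName = $args[0]

    # Without a name there is nothing to query. Report it as a script error
    # rather than letting Get-ADUser fail on an undefined filter value.
    if ([string]::IsNullOrEmpty($SamAccountName)) {
        Write-Host "Message.0: ERROR: No account name was supplied in the script arguments."
        Write-Host "Statistic.0: -5"
        exit 0
    }

    # Query the directory once.
    # - The script-block filter passes the name as a value, so it is never
    #   concatenated into a filter string, and it returns nothing (instead of
    #   throwing) when no account matches.
    # - Only the LockedOut property is requested; "-Properties *" would read every
    #   attribute of the user object just to test one flag.
    # - A lookup failure (module missing, directory unreachable, access denied) is
    #   reported as a script error so it is not mistaken for "account does not
    #   exist", which would hide a broken check.
    $adUser = $null
    try {
        $adUser = Get-ADUser -Filter { SamAccountName -eq $SamAccountName } -Properties LockedOut -ErrorAction Stop
    }
    catch {
        Write-Host "Message.0: ERROR: PowerShell script error. Contact bsr@regions.com"
        Write-Host "Statistic.0: -5"
        exit 0
    }

    # No match: report that the account does not exist.
    if (-not $adUser) {
        Write-Host "Message.0: The account '$SamAccountName' does not exist. "
        Write-Host "Statistic.0: -5"
        exit 0
    }

    # The account exists; compare the LockedOut flag as a boolean instead of
    # string-matching the formatted object.
    if ($adUser.LockedOut -eq $true) {
        # Locked
        Write-Host "Message.0: The account '$SamAccountName' is locked."
        Write-Host "Statistic.0: 1"
        exit 0
    }
    elseif ($adUser.LockedOut -eq $false) {
        # Not locked
        Write-Host "Message.0: The account '$SamAccountName' is not locked."
        Write-Host "Statistic.0: 0"
        exit 0
    }
    else {
        # The account exists but LockedOut came back as neither true nor false.
        Write-Host "Message.0: ERROR: PowerShell script error. Contact bsr@regions.com"
        Write-Host "Statistic.0: -5"
        exit 0
    }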