Lock Active Directory User Account - PowerShell

-

In this post, I describe how you can lock an Active Directory User Account using PowerShell.


As far as I can tell, it's not possible to lock an Active Directory User Account in the Active Directory management tools UI (Active Directory Users and Computers).  However, sometimes it's necessary to lock an account, for example, if you are testing a tool which unlocks an account, such as XIA Automation.


Locking an Active Directory User Account

To lock an Active Directory User Account in PowerShell, we can write a simple script.


Firstly, we get the account lockout threshold from group policy:

$AccountLockoutThreshold = ((([xml](Get-GPOReport -Name "Default Domain Policy" -ReportType Xml)).GPO.Computer.ExtensionData.Extension.Account |
            Where-Object name -eq LockoutBadCount).SettingNumber)

You could also just hard code this if you know the value:

$AccountLockoutThreshold = 5


Next, we need to specify the user account we want to lock, and provide an incorrect password:

$username = "howardsimpson"

$password = ConvertTo-SecureString 'incorrect password' -AsPlainText -Force

$credential = New-Object System.Management.Automation.PSCredential ($username, $password)    


Finally, we then need to loop through a login attempt using those credentials until the account lockout threshold has been reached:

$attempts = 0

Do {                         

    $attempts++

    Write-Output "'$username' login attempt $attempts"

    Enter-PSSession -ComputerName 2K19-DC -Credential $credential -ErrorAction SilentlyContinue           

}

Until ($attempts -eq $AccountLockoutThreshold)


Script to lock an Active Directory User Account

Here is the complete script:

$AccountLockoutThreshold = ((([xml](Get-GPOReport -Name "Default Domain Policy" -ReportType Xml)).GPO.Computer.ExtensionData.Extension.Account |
            Where-Object name -eq LockoutBadCount).SettingNumber)

if (!$AccountLockoutThreshold) { Write-Output "Account Lockout Threshold is Not Defined in Default Domain Policy"; return; }

Write-Output "Account will lock out after '$AccountLockoutThreshold' invalid login attempts"

$username = "howardsimpson"

$password = ConvertTo-SecureString 'incorrect password' -AsPlainText -Force

$credential = New-Object System.Management.Automation.PSCredential ($username, $password)   

$attempts = 0

Do {                         

    $attempts++

    Write-Output "'$username' login attempt $attempts"

    Enter-PSSession -ComputerName 2K19-DC -Credential $credential -ErrorAction SilentlyContinue           

}

Until ($attempts -eq $AccountLockoutThreshold)

Write-Output "'$username' successfully locked out." 

The output should look like this:

Lock Active Directory User Account PowerShell script output

Research source: https://mikefrobbins.com/2013/11/28/lock-out-active-directory-user-accounts-with-powershell/

Comments

Post a Comment

Popular posts from this blog

LG TV This app will now restart to free up more memory

-
Image
This post describes how to fix the error "This app will now restart to free up more memory" which can occur when using apps such as Netflix on an LG TV after just a few minutes of use. Resolution To resolve the issue, unplug the TV then press the on/off button for 10 seconds.  Wait a further 20 seconds then plug the TV back in and turn it back on. Apps should now run without the error. Edit: The on/off button on my LG TV is directly under the standby light on the bottom of the TV. Edit: I didn't have to do this myself but one person who has left a comment said that clearing all browsing data worked for them.  I have written a post explaining how to do this: LG TV Clear All Browsing History Data . Edit: A few other people have also suggested turning off quick start in settings (and if it's already off, turn it on then off again).  I have written a post explaining how to do this: LG TV turn off Quick Start in settings Related Posts -  LG TV delete/remove/hide ch
Read more

LG TV Clear All Browsing History Data

-
Image
This post describes how to clear all browsing history data from an LG TV. This is one way to resolve the error " This app will now restart to free up more memory " sometimes seen on LG TVs. Process The process to clear all browsing history data is as follows: 1. Press the Home button on the remote control and keep pressing right until you find the Web Browser then open it. 2. Scroll the wheel on the remote control to reveal the pointer on screen, then press the three dots stacked vertically (located in the top right of the screen, next to the close button) to open the Menu. 3. Select Settings from the Menu. 4. Scroll to the bottom of the Settings to reach the Clear Browsing Data section. 5. Press the Clear All Browsing Data button then press Yes to confirm. Related Posts -  LG TV turn off Quick Start in settings -  LG TV move or delete apps and shortcuts on home screen
Read more

LG TV turn off Quick Start in settings

-
Image
This post describes how to turn off Quick Start on an LG TV. This is one way to resolve the error " This app will now restart to free up more memory " sometimes seen on LG TVs. Process The process to turn off Quick Start on my LG TV is as follows: 1. Press the Settings (cog icon) on the remote control, this opens the side settings menu on the right hand side of the TV screen. 2. Go down to All Settings (the three dots icon that turns into a cog icon on the screen) then click. 3. Go down until you reach General (the cog and spanner icon) 4. Press right then down until you reach Quick Start+ (note: you may need to select Additional Settings before doing this on some LG TVs). 5. Toggle Quick Start+ to the off position (the circle should slide to the left): Related Posts -  LG TV Clear All Browsing History Data -  LG TV move or delete apps and shortcuts on home screen
Read more