Troubleshoot locked out user in Active Directory

Troubleshoot locked out account with PowerShell

Check if user is locked out:

Get-ADUser jsmith -Properties * | Select-Object LockedOut

Check number of times the user tried to log on to the account using an incorrect password (A value of 0 indicates that the value is unknown):

Get-ADUser jsmith -Properties * | Select-Object badpwdcount

Note that when the user logs in successfully the count is reset.

Get all locked out users:

Search-ADAccount -LockedOut | Select-Object Name, SamAccountName

Unlock user:

Unlock-ADAccount -Identity jsmith

List all users bad password count

# Get all users in AD that has an employeeID attribute
$dcs = get-adcomputer -Filter 'employeeID -like "*"'

# Get all users - change "-filter {enabled -eq $true}" to a username to get just one user
$users = get-aduser -filter {enabled -eq $true} | sort name;

# Loop through all users found
foreach ($user in $users) {
    $badpwdcount = 0;

    # Loop through each domain controller
    foreach ($dc in $dcs) {
        $newuser = get-aduser $user.samaccountname -server $dc.name -properties badpwdcount;

        # Increment bad password count
        $badpwdcount = $badpwdcount + $newuser.badpwdcount;
    }

    # Highlight account if bad password count is greater than 0
    if ($badpwdcount -gt 0) {
        $outline = "******* " + $user.name + " - Badpwdcount: " + $badpwdcount + " *******";
    }
    else {
        $outline = $user.name + " - Badpwdcount: " + $badpwdcount;
    }

    write-host $outline;
}

Account continues to go in LockedOut

Most commonly this happens when the user recently has had an expired password.

If the user continues to go in lockedOut the user most probably has a device somewhere that is stuck trying to login with an old password. This will continue to block the account just seconds after you open it.

Easiest way to find out what is causing this is by “Process of elimination”. Make the user completely shut down all his devices. Then turn on one by one. As soon as the user turns on a device and the account starts going in lockedOut again, you know that device is causing the problem.

If you need further tools to troubleshoot check out Account Lockout Tools by Microsoft.

Sources:

https://hkeylocalmachine.com/?p=107