PowerShell: Lock User Accounts inside an OU

I am currently working on a PowerShell script that will tell you what accounts are locked out and the OU they are in. You can now check this out here.

I have a script that will lock user accounts inside an OU. This is good for testing the above program.

#Requires -Version 3.0
#Requires -Modules ActiveDirectory, GroupPolicy

# Read the lockout threshold (LockoutBadCount) from the Default Domain Policy GPO report
if ($LockoutBadCount = ((([xml](Get-GPOReport -Name "Default Domain Policy" -ReportType Xml)).GPO.Computer.ExtensionData.Extension.Account |
            Where-Object name -eq LockoutBadCount).SettingNumber)) {

    # Wrong password on purpose: each attempt must fail to count toward the threshold
    $Password = ConvertTo-SecureString 'NotMyPassword' -AsPlainText -Force

    # Every user account in the test OU
    Get-ADUser -Filter * -SearchBase "OU=Test,DC=IT,DC=com" -Properties SamAccountName, UserPrincipalName, LockedOut |
        ForEach-Object {
            # One failed remote logon against the host "hyperv" per iteration
            for ($i = 1; $i -le $LockoutBadCount; $i++) {
                Invoke-Command -ComputerName hyperv -ScriptBlock { Get-Process } -Credential (New-Object System.Management.Automation.PSCredential ($($_.UserPrincipalName), $Password)) -ErrorAction SilentlyContinue
            }
            # Re-query the account to confirm that it is now locked out
            Write-Output "$($_.SamAccountName) has been locked out: $((Get-ADUser -Identity $_.SamAccountName -Properties LockedOut).LockedOut)"
        }
}
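
To check the result of a test run and clean up afterwards, the following added example (not the author's locked-account report script) lists the locked-out users under the same test OU together with their parent container, then previews unlocking them. The helper name Get-ParentContainer and the variable names are assumptions made for this example.

```powershell
#Requires -Modules ActiveDirectory
# Added example: report locked-out users under one OU, then preview unlocking them.
$SearchBase = 'OU=Test,DC=IT,DC=com'   # the test OU used by the script above

function Get-ParentContainer {
    # Hypothetical helper: returns the DN of the container that holds the object.
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Strip the leading RDN; (?:[^,\\]|\\.)* steps over escaped commas ("CN=Doe\, Jane").
    $DistinguishedName -replace '^[^=]+=(?:[^,\\]|\\.)*,', ''
}

$locked = Search-ADAccount -LockedOut -UsersOnly -SearchBase $SearchBase |
    ForEach-Object {
        # Fetch the lockout attributes for each account the search returned
        $u = Get-ADUser -Identity $_.DistinguishedName -Properties lockoutTime, badPwdCount
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            OU             = Get-ParentContainer -DistinguishedName $u.DistinguishedName
            # lockoutTime is stored as a Windows file time (Int64)
            LockoutTime    = [datetime]::FromFileTime($u.lockoutTime)
            # badPwdCount is not replicated; this is the value on the DC that answered
            BadPwdCount    = $u.badPwdCount
        }
    }

# Format-Table -GroupBy needs its input sorted on the grouping property
$locked | Sort-Object OU, SamAccountName |
    Format-Table -GroupBy OU -Property SamAccountName, LockoutTime, BadPwdCount

# Cleanup: -WhatIf only shows what would be unlocked; remove it to apply the change
$locked | ForEach-Object { Unlock-ADAccount -Identity $_.SamAccountName -WhatIf }
```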


Installing Active Directory with PowerShell

PowerShell has grown a lot over the last decade, and you can now control a Domain Controller with a few simple commands. This is very exciting, and this guide will help all of you IT Pros. Let's get started.

First you will have to install the Active Directory Domain Services role.

Make sure your PowerShell session is running with elevated rights and type in the following command:

Get-WindowsFeature AD-Domain-Services | Install-WindowsFeature

Now it is time to do the Prerequisites Check (PC), which will alert you with suggested repair options and inform you of security changes.