
How can I verify if an AD account is locked?

I want to know if it is possible to verify if a specific AD account is locked.

The command

does not return this parameter:

 -------------------------- EXAMPLE 3 --------------------------

C:\PS>Get-ADUser GlenJohn -Properties *

Surname : John
Name : Glen John
UserPrincipalName : jglen
GivenName : Glen
Enabled : False
SamAccountName : GlenJohn
ObjectClass : user
SID : S-1-5-21-2889043008-4136710315-2444824263-3544
ObjectGUID : e1418d64-096c-4cb0-b903-ebb66562d99d
DistinguishedName : CN=Glen John,OU=NorthAmerica,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM

Description :

Get all properties of the user with samAccountName 'GlenJohn'.

--------------------------END EXAMPLE --------------------------

Is there another way to get this information?

Answer

The LockedOut property is what you are looking for among all the properties you returned. You are only seeing incomplete output in TechNet. The information is still there. You can isolate that one property using Select-Object:

Get-ADUser matt -Properties * | Select-Object LockedOut


The link you referenced doesn't contain this information which is obviously misleading. Test the command with your own account and you will see much more information.

Note: Try to avoid -Properties *. While it is great for simple testing, it can make queries, especially ones with multiple accounts, unnecessarily slow. So, in this case, since you only need LockedOut:

Get-ADUser matt -Properties LockedOut | Select-Object LockedOut
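
The following is an added example, not part of the original answer. It extends the same idea to several accounts at once, requesting only the lockout-related properties instead of -Properties *. It assumes the ActiveDirectory module (RSAT) is installed; the function name Get-LockoutStatus is hypothetical, and the account names are the ones used on this page.

```powershell
# Added example (not from the original answer).
# Get-LockoutStatus is a hypothetical helper name.
function Get-LockoutStatus {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$Identity,

        # Optional: ask one specific domain controller.
        [string]$Server
    )
    begin {
        Import-Module ActiveDirectory -ErrorAction Stop

        # Only the properties we need, never '*'.
        $query = @{
            Properties  = 'LockedOut', 'AccountLockoutTime',
                          'BadLogonCount', 'LastBadPasswordAttempt'
            ErrorAction = 'Stop'
        }
        if ($Server) { $query.Server = $Server }
    }
    process {
        foreach ($id in $Identity) {
            try {
                Get-ADUser -Identity $id @query |
                    Select-Object SamAccountName, Enabled, LockedOut,
                                  AccountLockoutTime, BadLogonCount,
                                  LastBadPasswordAttempt
            }
            catch {
                # Unknown account, unreachable DC, access denied, ...
                Write-Warning "Lookup failed for '$id': $($_.Exception.Message)"
            }
        }
    }
}

# Check specific accounts
Get-LockoutStatus -Identity 'matt', 'GlenJohn'

# List every user account that is currently locked out
Search-ADAccount -LockedOut -UsersOnly |
    Select-Object SamAccountName, LockedOut, LastLogonDate
```

BadLogonCount and LastBadPasswordAttempt are not replicated between domain controllers, so those two values reflect only the DC that answered the query; use -Server to ask a particular one.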