Last week I had a user report that his account kept locking a number of time throughout the day. Usually this is because they haven’t logged out of a machine and then have changed their network password, so when that remote machine tries to authenticate… bang account lockout.
More often than not, the user has no idea what he is still logged into, so the only way is to solve this is to go through the Security event logs on each domain controller and find the account lockout event for that user. This will then tell you from what machine the account lockout took place. You can then get the user to log out and problem fixed.
Although this works, to be honest it’s manual process which really like most manual processes…it’s boring. So then I thought, why not create a PowerShell script that can easily do this for me.