AD account on timed lock?

The other day I was waiting for my account to unlock, so I had a few minutes to kill so I decided to write a tool to pass the time.

I wrote a script to tell me how long I had left to wait… pretty crude but I had fun.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Function Get-LockoutRemainingTime
{
Param($ID)
Try
{
$Account = Get-ADUser $ID -Properties LockedOut,AccountLockoutTime
$Domain = [ADSI]"WinNT://$env:userdomain"
$UnlockInt = $Domain.AutoUnlockInterval
If($Account.LockedOut -eq $TRUE)
{
Write-Host -BackgroundColor DarkRed "Account $($Account.Name) is locked out!"
[Int32]$i = ($Account.AccountLockoutTime.AddSeconds(1800) | %{New-TimeSpan $(Get-Date) $_}).TotalSeconds
Do{Write-Host "Account Unlocked in $i seconds";$i--;start-sleep -s 1}While($i -ne 0)
}
Else
{
Write-Host -BackgroundColor DarkGreen "Account $($Account.Name) is not locked out!"
}
}
Catch
{
Write-Host "Script Failure - $($_.Exception.Message)"
}
}#End Function

Get-LockoutRemainingTime -ID "CN or DN"

Hope this helps.

All information is provided on an AS-IS basis, with no warranties and confers no rights.