Active Directory User Account Locked Out Audit

Find Locked Out Active Directory Users

Active Directory is used in almost all organizations to organize and manage both devices and users. Lansweeper can scan users directly from active directory along with a wide range of active directory attributes like whether the account has been locked out and at what time.

Along with basic information about the user like their name and domain, this audit also lists the AD status and the time and date when the lockout occurred. This lets you easily find locked out users without the need of Powershell scripts or CMD commands and shows it all in one overview. From the report, you can also navigate straight to the user's page to get all the detailed about the user including the devices that have been logged into.

AD user locked out

 

Active Directory User Account Locked Out Query

Select Top 1000000 Case
    When tblADusers.Displayname Is Null Or
      tblADusers.Displayname = '' Then tblADusers.Userdomain + '\' +
      tblADusers.Username
    Else tblADusers.Displayname
  End As Displayname,
  tblADusers.Department,
  tblADusers.Title,
  tblADusers.Username,
  tblADusers.Userdomain,
  tblADusers.IsEnabled As EnabledInAD,
  'usersm.png' As Icon,
  tblADusers.LockoutDate
From tblADusers
Where tblADusers.LockoutDate Is Not Null
Order By tblADusers.LockoutDate,
  Displayname

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Save-and-Run-the-Report

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting