AD account on timed lock?

The other day I was waiting for my account to unlock, so I had a few minutes to kill so I decided to write a tool to pass the time.

I wrote a script to tell me how long I had left to wait… pretty crude but I had fun.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Function Get-LockoutRemainingTime
{
  Param($ID)
  Try
  {
    $Account = Get-ADUser $ID -Properties LockedOut,AccountLockoutTime
    $Domain = [ADSI]"WinNT://$env:userdomain"
    $UnlockInt = $Domain.AutoUnlockInterval
    If($Account.LockedOut -eq $TRUE)
    {
      Write-Host -BackgroundColor DarkRed "Account $($Account.Name) is locked out!"
      [Int32]$i = ($Account.AccountLockoutTime.AddSeconds(1800) | %{New-TimeSpan $(Get-Date) $_}).TotalSeconds
      Do{Write-Host "Account Unlocked in $i seconds";$i--;start-sleep -s 1}While($i -ne 0)
    }
    Else
    {
      Write-Host -BackgroundColor DarkGreen "Account $($Account.Name) is not locked out!"
    }
  }
  Catch
  {
    Write-Host "Script Failure - $($_.Exception.Message)"
  }
}#End Function
 
Get-LockoutRemainingTime -ID "CN or DN"

Hope this helps.

All information is provided on an AS-IS basis, with no warranties and confers no rights.