PowerShell AD Lockout

[kayvanaarssen]

Hi,

I've found your script of the AD Lockout very nice.
It would be nice to include failed login attempts form netlogon.log in: C:\windows\debug\netlogon.log

So you can find out where the login attempts are done from.
If netlogon logging is enabled ofcourse.

Would that be an option.

https://github.com/PaoloFrigo/scriptinglibrary/blob/master/Blog/PowerShell/Send-ADLockedOutEventToTeams.ps1

You would then see something like this:

06/18 09:45:03 [LOGON] [7632] DOMAIN: SamLogon: Transitive Network logon of DOMAIN\kay from WORKSTATION (via EXCH-01) Returns 0xC0000234

0xC0000234 indicates failed login.

[kayvanaarssen]

I've found your Advanced script and made that work Thanks!