Sample script that searches Active Directory for all users who have at least one failed logon, that is, a badPwdCount of 1 or more. The badPwdCount attribute is not replicated to the Global Catalog, so you cannot bind to a Global Catalog server and search the whole forest for users with a given number of failed logons. It is not replicated between the domain controllers of a domain either: each DC keeps its own count of the attempts it has rejected, so the script below only reports what the DC it happens to bind to has seen. To get the real number of failed logons for a user you have to query every domain controller and combine the results. Two things to keep in mind when reading the value: a DC that rejects a password forwards the attempt to the PDC emulator, so the PDC emulator's count is normally the highest but is not guaranteed to be complete; and badPwdCount is reset to 0 by a successful logon and is not kept past the domain's lockout observation window, so a sweep shows recent failures only. A sudden rise in badPwdCount across many accounts at once is one of the simplest indicators of a password-spraying attempt, which is the usual reason to run a sweep like this.

$strFilter = "(&(objectCategory=User)(badPwdCount>=1))"   # >=0 would also return accounts that have never failed a logon

$objDomain = New-Object System.DirectoryServices.DirectoryEntry

$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter

$colProplist = "name","badPwdCount"   # load the count as well, so the script can show it
foreach ($i in $colPropList){[void]$objSearcher.PropertiesToLoad.Add($i)}   # [void] hides the index that Add() returns

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults)
    {$objItem = $objResult.Properties; $objItem.name; $objItem.badpwdcount}
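The sample above binds to a single domain controller, which, as explained at the top, is not enough. The script below is an added example, not part of the original sample: it runs the same kind of search against every domain controller in the current domain and aggregates badPwdCount per account, taking the highest value seen on any DC as the best single estimate. It assumes the machine is domain-joined (so GetCurrentDomain() works) and that the caller can read user objects on each DC; the threshold value, the per-DC and per-account output shapes and the stricter objectCategory/objectClass filter are this example's own choices.

```powershell
# Added example, not part of the original sample: sweep badPwdCount on every DC,
# because the attribute is not replicated and no single DC holds the full picture.

$threshold = 1   # assumed: report accounts with at least this many failed logons

$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name   # the PDC emulator usually holds the highest count

# Stricter than the sample's (objectCategory=User): objectCategory=person alone
# also matches contacts, so objectClass=user is added.
$filter = "(&(objectCategory=person)(objectClass=user)(badPwdCount>=$threshold))"

$rows = foreach ($dc in $domain.DomainControllers) {
    $root     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$($dc.Name)")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.PageSize = 1000
    $searcher.Filter   = $filter
    [void]$searcher.PropertiesToLoad.AddRange(@('sAMAccountName', 'badPwdCount', 'badPasswordTime'))

    try {
        $found = $searcher.FindAll()
        foreach ($r in $found) {
            $p = $r.Properties   # keys come back lower-cased

            # badPasswordTime is a FILETIME stored as Int64; 0 (or absent) means never
            $ft = 0
            if ($p.Contains('badpasswordtime')) { $ft = [long]$p['badpasswordtime'][0] }
            $lastBad = $null
            if ($ft -gt 0) { $lastBad = [DateTime]::FromFileTime($ft) }

            [pscustomobject]@{
                Account          = [string]$p['samaccountname'][0]
                DomainController = $dc.Name
                IsPdc            = ($dc.Name -eq $pdc)
                BadPwdCount      = [int]$p['badpwdcount'][0]
                LastBadPassword  = $lastBad
            }
        }
        $found.Dispose()
    }
    catch {
        # An unreachable or refusing DC must not abort the sweep; report it and carry on.
        Write-Warning "Could not query $($dc.Name): $($_.Exception.Message)"
    }
    finally {
        $searcher.Dispose()
        $root.Dispose()
    }
}

# Per-DC detail: which DC saw how many failures for each account
$rows | Sort-Object Account, DomainController | Format-Table -AutoSize

# Per-account summary: highest count on any DC, and how many DCs reported the account
$rows | Group-Object Account | ForEach-Object {
    [pscustomobject]@{
        Account      = $_.Name
        MaxBadPwd    = ($_.Group | Measure-Object BadPwdCount -Maximum).Maximum
        DCsReporting = $_.Count
    }
} | Sort-Object MaxBadPwd -Descending | Format-Table -AutoSize
```

Run it from an account that can read user objects on every DC. Because counts are forwarded to the PDC emulator, the IsPdc row will normally carry the largest number, but a DC that is offline or has not finished forwarding can hold failures the PDC emulator does not know about, which is why the summary takes the maximum across all DCs rather than trusting one of them. Many accounts jumping to the threshold at nearly the same LastBadPassword time is the pattern to look for when checking for password spraying.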