Sample script that searches Active Directory for all users who have at least one failed logon. The badPwdCount attribute is not replicated to the Global Catalog, so you cannot connect to a Global Catalog server and search across the forest for users who have had a specified number of failed logons. Note that this attribute is not replicated within a domain, either. To determine the number of times a user has failed to log on, you will have to retrieve this value from each domain controller.

On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

' Open an ADO connection through the ADSI OLE DB provider.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Page the results and search the whole subtree below the base DN.
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Select users whose badPwdCount is non-zero on the domain controller that answers the query.
objCommand.CommandText = _
    "SELECT Name FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user' " & _
        "AND badPwdCount > 0"
Set objRecordSet = objCommand.Execute

' Print the name of each matching user.
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("Name").Value
    objRecordSet.MoveNext
Loop
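
Because badPwdCount has to be read from each domain controller, the following added example (not part of the original sample) repeats the query against every DC and lists the per-DC values for each user. It assumes the same dc=fabrikam,dc=com domain as above, finds DCs through the server trust account bit (8192) in userAccountControl, and uses the ADO LDAP filter dialect; the variable names are illustrative.

```vbscript
Option Explicit
' Added example: the domain DN comes from the sample above; all other names are illustrative.
Const DOMAIN_DN = "dc=fabrikam,dc=com"

Dim conn, cmd, dcNames, rs, host, perUser, key

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 1000

' Step 1: find every domain controller (SERVER_TRUST_ACCOUNT bit, 8192, in userAccountControl).
Set dcNames = CreateObject("Scripting.Dictionary")
cmd.CommandText = "<LDAP://" & DOMAIN_DN & ">;" & _
    "(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=8192));" & _
    "dNSHostName;subtree"
Set rs = cmd.Execute
Do Until rs.EOF
    dcNames(rs.Fields("dNSHostName").Value) = True
    rs.MoveNext
Loop

' Step 2: ask each DC for its own, non-replicated badPwdCount values.
Set perUser = CreateObject("Scripting.Dictionary")
For Each host In dcNames.Keys
    cmd.CommandText = "<LDAP://" & host & "/" & DOMAIN_DN & ">;" & _
        "(&(objectCategory=person)(objectClass=user)(badPwdCount>=1));" & _
        "sAMAccountName,badPwdCount;subtree"
    On Error Resume Next
    Set rs = cmd.Execute
    If Err.Number <> 0 Then
        ' An unreachable DC means its counts are missing from the report, so say so.
        WScript.Echo "Skipping " & host & ": " & Err.Description
        Err.Clear
        On Error GoTo 0
    Else
        On Error GoTo 0
        Do Until rs.EOF
            key = rs.Fields("sAMAccountName").Value
            perUser(key) = perUser(key) & " " & host & "=" & rs.Fields("badPwdCount").Value
            rs.MoveNext
        Loop
    End If
Next

' Step 3: one line per user, showing the count held by each DC that reported one.
For Each key In perUser.Keys
    WScript.Echo key & ":" & perUser(key)
Next
```

Run it with cscript.exe so each result is written to the console instead of a message box.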