Sign in
 
HomeLibraryLearnDownloadsRepositoryCommunityForumsBlog

Search for All Users with More Than One Failed Logon

Sample script that searches Active Directory for all users who have at least one failed logon. The badPwdCount attribute is not replicated to the Global Catalog; you cannot connec

 
 
 
 
 
(0)
Add to favorites
Active Directory
8/10/2009
E-mail Twitter del.icio.us Digg Facebook
  • Hide
    Time frame for this failed login check?
    2 Posts | Last post September 18, 2015
    • Written May 21, 2014 
      What is the timeframe for 'at least one failed logon attempt' in this script.  Is it over the entire current event log?   Thanks very much.  -Andy
    • Written September 18, 2015 
      The badPwdCount attribute is reset to 0 on the domain controller when the user authenticates with the correct password.
  • Hide
    badPwdCount not replicated
    1 Posts | Last post September 18, 2015
    • Written September 18, 2015 
      Since the badPwdCount attribute is not replicated, you really should query all domain controllers in the domain. The search base can include the host name of a DC.