It's been a while since I did a blog post, so I thought I would post some recent functions I threw together for the infrastructure team, as I was doing a small session on scripting for them (source control, PowerShell, etc.).

Both functions relate to someone getting locked out and trying to find out where they got locked out. (It seems to be disconnected RDP sessions with us.)


First I have to give props to  as this is the primary source of code for this one.

It filters through domain controllers and finds where an account was locked out. By default it returns up to the last 10 events, but you can change that with the MaxEvents parameter.

This allows you to query which RDP sessions are open on one or more servers, either by piping in a list of servers or by passing them to the ServerName parameter. It's a bit of a dirty thing, as all I'm doing is running qwinsta.exe and formatting the output from a big nasty string into something more palatable.
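To show what that string-to-object step involves, here is an added sketch that is not the code from this post or its repository. The function name ConvertFrom-QwinstaText, the server SRV01 and the sample sessions are all made up for illustration.

```powershell
# Added example (not the post's code). ConvertFrom-QwinstaText is a hypothetical name.
function ConvertFrom-QwinstaText {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Line,
        [string]$ServerName = 'localhost'
    )
    # Take column offsets from the header row instead of hard-coding widths.
    $userCol  = $Line[0].IndexOf('USERNAME')
    $stateCol = $Line[0].IndexOf('STATE')
    if ($userCol -lt 1 -or $stateCol -le $userCol) { throw 'qwinsta header not recognised' }

    foreach ($row in ($Line | Select-Object -Skip 1)) {
        if ([string]::IsNullOrWhiteSpace($row)) { continue }
        $row = $row.PadRight($stateCol + 1)
        # USERNAME and the right-aligned ID sit between the two offsets; ID is the last token.
        $middle = $row.Substring($userCol, $stateCol - $userCol).Trim()
        if ($middle -notmatch '^(?<user>.*?)\s*(?<id>\d+)$') { continue }
        [pscustomobject]@{
            ServerName  = $ServerName
            SessionName = $row.Substring(1, $userCol - 1).Trim()  # blank for disconnected RDP sessions
            UserName    = $Matches['user']
            Id          = [int]$Matches['id']
            State       = ($row.Substring($stateCol).Trim() -split '\s+')[0]
            IsCurrent   = $row[0] -eq '>'                          # '>' marks the caller's own session
        }
    }
}

# Constructed sample in the layout qwinsta.exe prints (server and user names are made up).
$sample = @'
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
>rdp-tcp#0         administrator             2  Active
                   jsmith                    3  Disc
 rdp-tcp                                 65536  Listen
'@ -split '\r?\n'

# Disconnected sessions with a user attached, the lockout source mentioned in this post.
ConvertFrom-QwinstaText -Line $sample -ServerName 'SRV01' |
    Where-Object { $_.State -eq 'Disc' -and $_.UserName } |
    Format-Table ServerName, UserName, Id, State

# Live use: ConvertFrom-QwinstaText -Line (qwinsta.exe /server:SRV01) -ServerName 'SRV01'
```

The username and the right-aligned session ID share one span of the row, so the parser peels the ID off as the last numeric token; splitting the whole row on whitespace would shift columns whenever the session name or username is blank.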

I have hosted them on GitHub here: