Ever wondered what user accounts exist in your Windows Domain and better still which of these accounts are Enabled or Disabled. Well here is a great way to find out, the Powershell script below will allow you to easily retireve a list of all the user accounts on your domain when run from a domain controller.
Get-WmiObject Win32_UserAccount -filter “LocalAccount=False” | Select-Object Name,Disabled
Below we have another almost identical script but this one has the added benefit of showing if a user account has been locked out, for instance a user may have exceeded the maximum number of failed logins or a hacker may have been trying to brute force a user account. As you can see this is achieved by just adding ,Lockout to the end of the script to query the account status.
Get-WmiObject Win32_UserAccount -filter “LocalAccount=False” | Select-Object Name,Disabled,Lockout
These scripts can be used in conjunction with your server monitoring software, such as GFI Max Remote Management.