This article is about search the Windows Security event logs on the DC with the PDC role to list the account lockout information using PowerShell.
- Open the PowerShell ISE using administrator rights.
- Run the command to get the PDC from the domain and put it in a variable ($pdc in this case)
$pdc = (get-addomain).pdcemulator
- Run the PS command to get the windows event in the Security logs with ID 4740
Get-WinEvent -ComputerName $pdc -LogName Security | Where-Object ID -EQ ‘4740’
- Alternative, the Invoke-Command can be used to execute it on the PDC
Invoke-Command -ComputerName $pdc -Credential(Get-Credential) -ScriptBlock{Get-WinEvent -LogName Security | Where-Object id -EQ ‘4740’}
For me information on using the Get-WinEvent cmdlet, refer to the Microsoft documentation here.
IT Wiz Technology Blog 