Summary
# Method 1 : Get-ADDefaultDomainPasswordPolicy
We can use the Active Directory powershell cmdet Get-ADDefaultDomainPasswordPolicy to gets the account lockout policy settings for an Active Directory domain. Before proceed, run the below command to import the Active Directory module.
Import-Module ActiveDirectory
The below command get the default account lockout policy from current logged on user domain.
Get-ADDefaultDomainPasswordPolicy | Select LockoutDuration,LockoutObservationWindow,` LockoutThreshold | FL
This command returns the following results (LockoutDuration,LockoutObservationWindow and LockoutThreshold).
PS C:> Get-ADDefaultDomainPasswordPolicy | Select LockoutDuration,LockoutObservationWindow,` LockoutThreshold | FL LockoutDuration : 00:30:00 LockoutObservationWindow : 00:30:00 LockoutThreshold : 6
# Method 2 : Get-ADObject
We can also use Get-ADObject to retrieve account lockout policy associated properties from the domain naming context (defaultNamingContext).
$RootDSE = Get-ADRootDSE $AccountPolicy = Get-ADObject $RootDSE.defaultNamingContext -Property lockoutDuration,` lockoutObservationWindow, lockoutThreshold $AccountPolicy | Select Name,` @{n="Lockout duration";e={"$($_.lockoutDuration / -600000000) minutes"}},` @{n="Reset lockout counter";e={"$($_.lockoutObservationWindow / -600000000) minutes"}},` @{n="Lockout Threshold";e={"$($_.lockoutThreshold) invalid logon attempts"}} | FL
The above command returns the following results (Lockout duration, Reset lockout counter and Lockout Threshold).
Name : contoso Lockout duration : 30 minutes Reset lockout counter : 30 minutes Lockout Threshold : 6 invalid logon attempts
# Method 3 : net accounts
We can also use the following net command to look at the account lockout policy details.
net accounts
This command returns the following results (Lockout duration (minutes), Lockout observation window (minutes) and Lockout threshold).
PS C:> net accounts Force user logoff how long after time expires?: Never Minimum password age (days): 1 Maximum password age (days): 42 Minimum password length: 7 Length of password history maintained: 24 Lockout threshold: 6 Lockout duration (minutes): 30 Lockout observation window (minutes): 30 Computer role: PRIMARY The command completed successfully.