✨refactor: standardize function formatting and improve error handling in Get-LockedOutLocation

SamErde · SamErde · commit a57a7ead45c4 · 2025-08-28T08:51:52.000-04:00
diff --git a/Active Directory/AD Users/Get-LockedOutLocation.ps1 b/Active Directory/AD Users/Get-LockedOutLocation.ps1
@@ -1,60 +1,59 @@
-﻿#Requires -Version 2.0
-Function Get-LockedOutLocation {
+﻿function Get-LockedOutLocation {
     <#
 .SYNOPSIS
-	This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
+    This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
 
 .DESCRIPTION
-	This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
-	The locked out location is found by querying the PDC Emulator for locked out events (4740).
-	The function will display the BadPasswordTime attribute on all of the domain controllers to add in further troubleshooting.
+    This function will locate the computer that processed a failed user logon attempt which caused the user account to become locked out.
+    The locked out location is found by querying the PDC Emulator for locked out events (4740).
+    The function will display the BadPasswordTime attribute on all of the domain controllers to add in further troubleshooting.
 
 .EXAMPLE
-	PS C:\>Get-LockedOutLocation -Identity Joe.Davis
+    PS C:\>Get-LockedOutLocation -Identity Joe.Davis
 
 
-	This example will find the locked out location for Joe Davis.
+    This example will find the locked out location for Joe Davis.
 .NOTE
-	This function is only compatible with an environment where the domain controller with the PDCe role to be running Windows Server 2008 SP2 and up.
-	The script is also dependent the ActiveDirectory PowerShell module, which requires the AD Web services to be running on at least one domain controller.
-	Author:Jason Walker
-	Last Modified: 3/20/2013
+    This function is only compatible with an environment where the domain controller with the PDCe role to be running Windows Server 2008 SP2 and up.
+    The script is also dependent the ActiveDirectory PowerShell module, which requires the AD Web services to be running on at least one domain controller.
+    Author:Jason Walker
+    Last Modified: 3/20/2013
 #>
     [CmdletBinding()]
 
-    Param(
+    param(
         [Parameter(Mandatory = $True)]
         [String]$Identity
     )
 
-    Begin {
+    begin {
         $DCCounter = 0
         $LockedOutStats = @()
 
-        Try {
+        try {
             Import-Module ActiveDirectory -ErrorAction Stop
-        } Catch {
+        } catch {
             Write-Warning $_
-            Break
+            break
         }
     }#end begin
-    Process {
+    process {
 
         #Get all domain controllers in domain
         $DomainControllers = Get-ADDomainController -Filter *
         $PDCEmulator = ($DomainControllers | Where-Object { $_.OperationMasterRoles -contains 'PDCEmulator' })
 
         Write-Verbose 'Finding the domain controllers in the domain'
-        Foreach ($DC in $DomainControllers) {
+        foreach ($DC in $DomainControllers) {
             $DCCounter++
             Write-Progress -Activity 'Contacting DCs for lockout info' -Status "Querying $($DC.Hostname)" -PercentComplete (($DCCounter / $DomainControllers.Count) * 100)
-            Try {
+            try {
                 $UserInfo = Get-ADUser -Identity $Identity -Server $DC.Hostname -Properties AccountLockoutTime, LastBadPasswordAttempt, BadPwdCount, LockedOut -ErrorAction Stop
-            } Catch {
+            } catch {
                 Write-Warning $_
-                Continue
+                continue
             }
-            If ($UserInfo.LastBadPasswordAttempt) {
+            if ($UserInfo.LastBadPasswordAttempt) {
                 $LockedOutStats += New-Object -TypeName PSObject -Property @{
                     Name                   = $UserInfo.SamAccountName
                     SID                    = $UserInfo.SID.Value
@@ -70,18 +69,18 @@ Function Get-LockedOutLocation {
         $LockedOutStats | Format-Table -Property Name, LockedOut, DomainController, BadPwdCount, AccountLockoutTime, LastBadPasswordAttempt -AutoSize
 
         #Get User Info
-        Try {
+        try {
             Write-Verbose "Querying event log on $($PDCEmulator.HostName)"
             $LockedOutEvents = Get-WinEvent -ComputerName $PDCEmulator.HostName -FilterHashtable @{LogName = 'Security'; Id = 4740 } -ErrorAction Stop | Sort-Object -Property TimeCreated -Descending
-        } Catch {
+        } catch {
             Write-Warning $_
-            Continue
+            continue
         }#end catch
 
-        Foreach ($Event in $LockedOutEvents) {
-            If ($Event | Where-Object { $_.Properties[2].value -match $UserInfo.SID.Value }) {
+        foreach ($item in $LockedOutEvents) {
+            if ($item | Where-Object { $_.Properties[2].value -match $UserInfo.SID.Value }) {
 
-                $Event | Select-Object -Property @(
+                $item | Select-Object -Property @(
                     @{Label = 'User'; Expression = { $_.Properties[0].Value } }
                     @{Label = 'DomainController'; Expression = { $_.MachineName } }
                     @{Label = 'EventId'; Expression = { $_.Id } }
@@ -90,9 +89,9 @@ Function Get-LockedOutLocation {
                     @{Label = 'LockedOutLocation'; Expression = { $_.Properties[1].Value } }
                 )
 
-            }#end ifevent
+            }#end if event
 
-        }#end foreach lockedout event
+        }#end foreach lockout event
 
     }#end process
 
