## Get all domain controllers for current domain and retrieve AD account lock events, going back a given period in time and showing which account and where it was locked from

[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().DomainControllers.name | % { Get-WinEvent -FilterHashtable @{ LogName = 'Security' ; Id = 4740 ; StartTime = [datetime]::Now.AddDays( -7 ) } -ComputerName $_|select timecreated,MachineName,@{n='Account';e={$_.properties[0].value}},@{n='From';e={$_.properties[1].value}}}