Tuesday, January 7, 2020

Finding the source of a locked out user with PowerShell

Had an issue today with EventCombMT not working and quickly grew tired of trying to figure out what was going on.  Whipped up a quick PowerShell script to search through all the domain controllers and find the specific events tied to account lockouts.


$eventId = 4740          # "A user account was locked out"
$logName = "Security"
$user    = "user_name"   # account name to look for in the event message

# Query every domain controller in parallel, one background job per DC
Get-ADDomainController -Filter * | Select-Object -ExpandProperty Name | ForEach-Object {
    Invoke-Command -ComputerName $_ -ScriptBlock {
        param($eventId, $logName)

        $query = @{ LogName = $logName; ID = $eventId }

        # SilentlyContinue: a DC with no matching events otherwise throws "No events were found"
        Get-WinEvent -FilterHashtable $query -ErrorAction SilentlyContinue
    } -AsJob -ArgumentList $eventId, $logName | Out-Null
}

# Block until every job has finished (instead of spinning in an empty While loop),
# then collect the output and clean up the job objects
Get-Job | Wait-Job | Out-Null
$results = Get-Job | Receive-Job
Get-Job | Remove-Job

$results | Where-Object { $_.Message -match $user } |
    Select-Object MachineName, TimeCreated, Message | Format-List
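The script above finds the 4740 events by regex-matching the free-text message. Two things worth knowing about this event make the search cheaper and the answer more precise: every lockout in the domain is recorded on the PDC emulator, so that DC always has the event, and the event's XML carries named fields, where TargetUserName is the locked account and TargetDomainName is the "Caller Computer Name" that sent the bad password. The following is an added example, not code from the original post; it assumes the RSAT ActiveDirectory module is available and that $user holds the sAMAccountName of the affected account.

```powershell
# Added example (not from the original post): resolve the source computer of a
# lockout from the structured fields of event 4740 on the PDC emulator.
$user = 'user_name'   # assumption: the sAMAccountName that keeps locking out

# 4740 is written on the PDC emulator for every lockout in the domain,
# so it is the one DC that is guaranteed to hold the event.
$pdc = (Get-ADDomain).PDCEmulator

# 'Data' in the filter hashtable matches any EventData value, so the account
# filter is applied on the DC instead of after the events cross the wire.
$filter = @{ LogName = 'Security'; ID = 4740; Data = $user }

Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Turn the <Data Name="..."> elements into a name -> value lookup.
        # For 4740: TargetUserName = locked account, TargetDomainName = caller computer.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        [pscustomobject]@{
            TimeCreated      = $_.TimeCreated
            DomainController = $_.MachineName
            LockedAccount    = $data['TargetUserName']
            CallerComputer   = $data['TargetDomainName']
        }
    } | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

If CallerComputer turns out to be a gateway rather than the user's own machine (an Exchange, VPN or RDS host that authenticates on the user's behalf), the next hop is that host's own Security log, where the failed attempts show up as 4625 (logon failure) or, for Kerberos, 4771 (pre-authentication failed) with the originating client address.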
