PowerShell: Account Lockout Email Notification
by Vince, in Blog
We deal with small to medium-sized businesses, which means we might not have the budget for a thousand-plus-dollar Active Directory auditing tool. But maybe we only want a subset of what those tools do, and we can script that subset in PowerShell. For example, assuming you have a lockout policy set up in Active Directory (you should!), the point of that policy is to stop someone from guessing passwords on your accounts. Wouldn't you like to know when someone is attempting to guess passwords on your accounts?
This script can be added to the Task Scheduler, and I would set its frequency based on your lockout duration: Search-ADAccount only reports accounts that are still locked out, so the script has to run at least once before a lockout expires or it will never see it.
A few things to note about this script --
You're going to need a c:\temp directory, or some other directory to drop the files in, and a mail server that will accept messages from your script. Aside from that, we're creating a date stamp that can be used as a filename, hence the replacement of the colons (":" is not allowed in a Windows filename). We check whether any accounts are locked out. If so, we get the full information on the lockout, write it to a text file, and email that text file to the administrator. The message is sent with high priority and we request a delivery notification for both success and failure.
# Timestamp usable as a filename: the ISO 8601 "o" format contains colons.
$date = (Get-Date -Format o).Replace(":", "-")
# Search-ADAccount returns one object per locked-out account, or nothing at all,
# so the result itself can be used as the condition.
$lockedOut = Search-ADAccount -LockedOut
If ($lockedOut) {
    # Format-List keeps every property; the default table view truncates columns.
    $lockedOut | Format-List | Out-File "c:\temp\$date.txt"
    Send-MailMessage -From "Vince Matteo<noreply@sevenlayers.com>" `
        -To "Administrator <administrator@example.com>" `
        -Subject "Active Directory Lockout" `
        -Body "The attachment contains the locked out account(s)." `
        -Attachments "c:\temp\$date.txt" `
        -Priority High `
        -DeliveryNotificationOption OnSuccess, OnFailure `
        -SmtpServer "192.168.10.25"
}
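The "full information on the lockout" above is whatever Search-ADAccount prints; the following is an added example (not Vince's script) that enriches each locked-out account with its lockout time, bad-logon count and, from event 4740 on the PDC emulator's Security log, the name of the computer the bad attempts came from, so the administrator can tell a forgotten password on a workstation from guessing elsewhere. It assumes the ActiveDirectory module, rights to read the PDC emulator's Security log remotely, and placeholder sender, recipient and SMTP server values.

```powershell
# Added example: lockout report with the calling computer, not part of the original post.
Import-Module ActiveDirectory

function Get-LockoutReport {
    param([int]$LookbackHours = 1)

    $locked = Search-ADAccount -LockedOut
    if (-not $locked) { return @() }

    # Lockouts are always processed by the PDC emulator, so its Security log is
    # the one place to look for event 4740 (A user account was locked out).
    $pdc = (Get-ADDomain).PDCEmulator
    $since = (Get-Date).AddHours(-$LookbackHours)
    $events = @(Get-WinEvent -ComputerName $pdc -FilterHashtable @{
        LogName = 'Security'; Id = 4740; StartTime = $since
    } -ErrorAction SilentlyContinue)   # no matching events is an error; treat as none

    foreach ($acct in $locked) {
        $u = Get-ADUser -Identity $acct.SamAccountName `
             -Properties AccountLockoutTime, BadLogonCount, LastBadPasswordAttempt
        # In event 4740, Properties[0] is the locked account and Properties[1]
        # carries the "Caller Computer Name" (its EventData field is TargetDomainName).
        $callers = $events |
            Where-Object { $_.Properties[0].Value -eq $acct.SamAccountName } |
            ForEach-Object { $_.Properties[1].Value } | Sort-Object -Unique

        [pscustomobject]@{
            Account        = $acct.SamAccountName
            LockedOutAt    = $u.AccountLockoutTime
            BadLogonCount  = $u.BadLogonCount
            LastBadAttempt = $u.LastBadPasswordAttempt
            CallerComputer = ($callers -join ', ')
        }
    }
}

$report = @(Get-LockoutReport -LookbackHours 1)
if ($report.Count -gt 0) {
    # Put the table in the message body instead of a file attachment.
    Send-MailMessage -From "noreply@example.com" -To "administrator@example.com" `
        -Subject "Active Directory Lockout: $($report.Count) account(s)" `
        -Body ($report | Format-Table -AutoSize | Out-String) `
        -Priority High -SmtpServer "smtp.example.com"
}
```

Set -LookbackHours to at least your lockout duration so the 4740 events for every still-locked account fall inside the search window.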