get-aduser -Filter {BadLogonCount -ne 0} -properties * | select SamAccountName,BadLogonCount,BadPasswordTime,BadPwdCount,@{name='badPasswordTimeDT'; expression={[datetime]::fromFileTime($_.badPasswordTime)}} | sort BadPasswordTime | FT
Practice until you can't make it wrong.