Bulent's Blog

ITIL, MOF, PMP, PRINCE2, Microsoft Technologies

Active Directory - Troubleshooting Account Lockout information

Active Directory - Troubleshooting Account Lockout information

  • Comments 2
  • Likes

Troubleshooting Account Lockout (Technet)

http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx

Account Lockout and Management Tools

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Account Lockout Status (LockoutStatus.exe)

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=D1A5ED1D-CD55-4829-A189-99515b0E90F7
 

SCOM Alerts & Audit Collection Services

You should be able to setup an event collection on the Security event log for that lockout and a few other events so that you get an alert.  Here a just a few events that you could alert on to help monitor that account. 
 
Event ID 531 : Account disabled
Event ID 532 : Account expired
Event ID 535 : Password expired
Event ID 539 : Logon Failure: Account locked out
Event ID 644 : User account Locked out

These article have a pretty good list of other security event id’s that you can alert on as well. 

http://www.windowsnetworking.com/nt/atips/atips155.shtml

http://www.enterprisecertified.com/eSCOPTechnicalGuide.pdf

Comments
  • I liked your way of presentation. The information you provided is great, Thank you for this, and hope in future you will come with more knowledgeable information.

    Thanks

  • Check this and finish this problem http://farisnt.blogspot.ae/2014/02/why-ad-user-account-locked-out.html

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment