Bulent's Blog

ITIL, MOF, PMP, PRINCE2, Microsoft Technologies

Active Directory - Troubleshooting Account Lockout information

Active Directory - Troubleshooting Account Lockout information

  • Comments 2
  • Likes

Troubleshooting Account Lockout (Technet)


Account Lockout and Management Tools


Account Lockout Status (LockoutStatus.exe)


SCOM Alerts & Audit Collection Services

You should be able to setup an event collection on the Security event log for that lockout and a few other events so that you get an alert.  Here a just a few events that you could alert on to help monitor that account. 
Event ID 531 : Account disabled
Event ID 532 : Account expired
Event ID 535 : Password expired
Event ID 539 : Logon Failure: Account locked out
Event ID 644 : User account Locked out

These article have a pretty good list of other security event id’s that you can alert on as well. 



  • I liked your way of presentation. The information you provided is great, Thank you for this, and hope in future you will come with more knowledgeable information.


  • Check this and finish this problem http://farisnt.blogspot.ae/2014/02/why-ad-user-account-locked-out.html

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment