I have a service account that gets locked out approximately 1-2 times a week. I am wondering if there is a way to be notified as soon as an invalid login attempt is made for a specific user account. The invalid attempt is most likely occurring within a specific AD site (which hosts only 1 domain controller).
Once the account is locked out, I have been running the account lockout tool to see where and when the last invalid attempt was made (it's always the same DC). But I would like to be notified as soon as the attempt is made. Is there a way to do this without an expensive tool? I have the Messenger service disabled at the domain level, so Windows pop-ups aren't really an option. Thanks for your help.