Active Directory 2008 Enable Account Lockout Auditing

Hi,

How can I enable the account lockout events in the eventviewer in AD 2008.  Also, what event id's are related to user account lockout?
Jack_son_Asked:
Who is Participating?
 
Mike KlineConnect With a Mentor Commented:
Have a meeting so I can't write more now but look at this  http://www.windowsitpro.com/article/auditing/access-denied-auditing-user-account-lockouts.aspx

I think the event is 644    I'll try and test later to make sure

Thanks

Mike
0
 
modruConnect With a Mentor Commented:
mkline is correct, event ID 644;
http://www.eventid.net/display.asp?eventid=644&eventno=227&source=Security&phase=1

How to enable logging of these events;
To effectively troubleshoot account lockout, enable auditing at the domain level for the following events:
Account Logon Events – Failure
Account Management – Success
Logon Events – Failure

http://technet.microsoft.com/en-us/library/cc776964(WS.10).aspx

To modify the GPO for the settings;
http://technet.microsoft.com/en-us/library/cc775412(WS.10).aspx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.