Solved

Active Directory 2008 Enable Account Lockout Auditing

Posted on 2010-08-12
2
1,870 Views
Last Modified: 2013-11-25
Hi,

How can I enable the account lockout events in the eventviewer in AD 2008.  Also, what event id's are related to user account lockout?
0
Comment
Question by:Jack_son_
2 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 33421452
Have a meeting so I can't write more now but look at this  http://www.windowsitpro.com/article/auditing/access-denied-auditing-user-account-lockouts.aspx

I think the event is 644    I'll try and test later to make sure

Thanks

Mike
0
 
LVL 2

Assisted Solution

by:modru
modru earned 250 total points
ID: 33422885
mkline is correct, event ID 644;
http://www.eventid.net/display.asp?eventid=644&eventno=227&source=Security&phase=1

How to enable logging of these events;
To effectively troubleshoot account lockout, enable auditing at the domain level for the following events:
Account Logon Events – Failure
Account Management – Success
Logon Events – Failure

http://technet.microsoft.com/en-us/library/cc776964(WS.10).aspx

To modify the GPO for the settings;
http://technet.microsoft.com/en-us/library/cc775412(WS.10).aspx
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
Read about the ways of improving workplace communication.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question