Solved

How to check what time the AD account was lock out

Posted on 2010-08-12
4
838 Views
Last Modified: 2012-06-27
Hi,

I know that there is a Microsoft Lockout toolkit but it has to be installed on the DC which is out of bounds. Hence is there a alternative to find out what time the particular AD account was locked out and if possible why?

Thanks
0
Comment
Question by:Decarn
4 Comments
 
LVL 24

Expert Comment

by:bryon44035v3
Comment Utility
accounts that are locked out are either because of bad passwords real quickly, or the account became disabled (expired, or not allowed to log in during this time of day)

both of these can be found in the event logs (start > run > eventvwr > security)
filter the security log for event id 539 to see when it was locked out

you might find more info about why/from where, if you filter for these event id's:
529, 644, 675, 676, 681, 12294
0
 
LVL 3

Expert Comment

by:jaswinder108
Comment Utility
Try enable advance features in A.D MMC and then click user properties to see if you get the required details.
0
 
LVL 8

Expert Comment

by:SylvainDrapeau
Comment Utility
Hello !

You can download this package from Microsoft : http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Which contains the utility LockoutStatus.exe and the DLL AcctInfo.dll.

The lockoutstatus utility will give you all the informations you want about, obviously, the lockout status of a user, and the ability to unlock it, reset his password...

Or you can register acctinfo.dll : copy it to C:\Windows\System32 and launch the command "regsvr32 %systemroot%\system32\acctinfo.dll". This will add a tab in the users properties in ADUC that will also give you the information you want.

Syldra
0
 
LVL 2

Accepted Solution

by:
GhouseAdmin earned 500 total points
Comment Utility
Hi,

You can find detailed information regarding the account status and its usage, when it was locked out, when the user was logged on successfully, how many times user used bad passwords etc.., from:
http://technet.microsoft.com/en-us/library/cc738772%28WS.10%29.aspx

This microsoft site gives more information on different error codes of Account lockout:

http://technet.microsoft.com/en-us/library/cc776964%28WS.10%29.aspx

You can find all the information that you wanted in above mentioned sites.


Ghouse Mohiddin

0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This script will sweep a range of IP addresses (class c only, 255.255.255.0) and report to a log the version of office installed. What it does: 1.)      Creates log file in the directory the script is run from (if it doesn't already exist) 2.)      Sweep…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now