Link to home
Start Free TrialLog in
Avatar of Decarn
Decarn

asked on

How to check what time the AD account was lock out

Hi,

I know that there is a Microsoft Lockout toolkit but it has to be installed on the DC which is out of bounds. Hence is there a alternative to find out what time the particular AD account was locked out and if possible why?

Thanks
Avatar of Bryon H
Bryon H
Flag of United States of America image
accounts that are locked out are either because of bad passwords real quickly, or the account became disabled (expired, or not allowed to log in during this time of day)

both of these can be found in the event logs (start > run > eventvwr > security)
filter the security log for event id 539 to see when it was locked out

you might find more info about why/from where, if you filter for these event id's:
529, 644, 675, 676, 681, 12294
Avatar of jaswinder108
jaswinder108
Try enable advance features in A.D MMC and then click user properties to see if you get the required details.
Avatar of Sylvain Drapeau
Sylvain Drapeau
Flag of Canada image
Hello !

You can download this package from Microsoft : http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Which contains the utility LockoutStatus.exe and the DLL AcctInfo.dll.

The lockoutstatus utility will give you all the informations you want about, obviously, the lockout status of a user, and the ability to unlock it, reset his password...

Or you can register acctinfo.dll : copy it to C:\Windows\System32 and launch the command "regsvr32 %systemroot%\system32\acctinfo.dll". This will add a tab in the users properties in ADUC that will also give you the information you want.

Syldra
ASKER CERTIFIED SOLUTION
Avatar of GhouseAdmin
GhouseAdmin
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial