Decarn
asked on
How to check what time the AD account was lock out
Hi,
I know that there is a Microsoft Lockout toolkit but it has to be installed on the DC which is out of bounds. Hence is there a alternative to find out what time the particular AD account was locked out and if possible why?
Thanks
I know that there is a Microsoft Lockout toolkit but it has to be installed on the DC which is out of bounds. Hence is there a alternative to find out what time the particular AD account was locked out and if possible why?
Thanks
Try enable advance features in A.D MMC and then click user properties to see if you get the required details.
Hello !
You can download this package from Microsoft : http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
Which contains the utility LockoutStatus.exe and the DLL AcctInfo.dll.
The lockoutstatus utility will give you all the informations you want about, obviously, the lockout status of a user, and the ability to unlock it, reset his password...
Or you can register acctinfo.dll : copy it to C:\Windows\System32 and launch the command "regsvr32 %systemroot%\system32\acct info.dll". This will add a tab in the users properties in ADUC that will also give you the information you want.
Syldra
You can download this package from Microsoft : http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
Which contains the utility LockoutStatus.exe and the DLL AcctInfo.dll.
The lockoutstatus utility will give you all the informations you want about, obviously, the lockout status of a user, and the ability to unlock it, reset his password...
Or you can register acctinfo.dll : copy it to C:\Windows\System32 and launch the command "regsvr32 %systemroot%\system32\acct
Syldra
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
both of these can be found in the event logs (start > run > eventvwr > security)
filter the security log for event id 539 to see when it was locked out
you might find more info about why/from where, if you filter for these event id's:
529, 644, 675, 676, 681, 12294