Solved

How to check what time the AD account was lock out

Posted on 2010-08-12
4
842 Views
Last Modified: 2012-06-27
Hi,

I know that there is a Microsoft Lockout toolkit but it has to be installed on the DC which is out of bounds. Hence is there a alternative to find out what time the particular AD account was locked out and if possible why?

Thanks
0
Comment
Question by:Decarn
4 Comments
 
LVL 24

Expert Comment

by:B H
ID: 33426527
accounts that are locked out are either because of bad passwords real quickly, or the account became disabled (expired, or not allowed to log in during this time of day)

both of these can be found in the event logs (start > run > eventvwr > security)
filter the security log for event id 539 to see when it was locked out

you might find more info about why/from where, if you filter for these event id's:
529, 644, 675, 676, 681, 12294
0
 
LVL 3

Expert Comment

by:jaswinder108
ID: 33426533
Try enable advance features in A.D MMC and then click user properties to see if you get the required details.
0
 
LVL 8

Expert Comment

by:SylvainDrapeau
ID: 33426756
Hello !

You can download this package from Microsoft : http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Which contains the utility LockoutStatus.exe and the DLL AcctInfo.dll.

The lockoutstatus utility will give you all the informations you want about, obviously, the lockout status of a user, and the ability to unlock it, reset his password...

Or you can register acctinfo.dll : copy it to C:\Windows\System32 and launch the command "regsvr32 %systemroot%\system32\acctinfo.dll". This will add a tab in the users properties in ADUC that will also give you the information you want.

Syldra
0
 
LVL 2

Accepted Solution

by:
GhouseAdmin earned 500 total points
ID: 33435779
Hi,

You can find detailed information regarding the account status and its usage, when it was locked out, when the user was logged on successfully, how many times user used bad passwords etc.., from:
http://technet.microsoft.com/en-us/library/cc738772%28WS.10%29.aspx

This microsoft site gives more information on different error codes of Account lockout:

http://technet.microsoft.com/en-us/library/cc776964%28WS.10%29.aspx

You can find all the information that you wanted in above mentioned sites.


Ghouse Mohiddin

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Problem to open text file 11 128
fso.FolderExists("\\server\HiddenFolder$") 4 78
Update Access FrontEnd by Version # 9 47
Problem to cell option 1 36
This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question