• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 758
  • Last Modified:

Best way to monitor for account lockouts in an active directory environment?

I am looking for an easy way to ahve the help desk team get notified when an account is locked out.  I have a product that can look in the event logs and alert off of that, but am looking for the correct way to do this.  Thoughts?

Environment is windows server 2003 running mixed mode.

1 Solution
childersjAuthor Commented:
Thats a good query, but I was thinking to do it realtime when the account is locked out.  This way the service desk team can adress it right away.  Also, for my team we can see if sensitive accounts are attempting logins.
Mike KlineCommented:
The product you have that will alert off event logs is the way to go if you want realtime.  You will want to look for event 644
...and for those that don't have software you can use event triggers in 2003  http://www.petri.co.il/how-to-use-eventtriggersexe-to-send-e-mail-based-on-event-ids.htm
and in 2008 it is easier http://portal.sivarajan.com/2010/04/generate-email-alert-to-event-attach.html
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now