• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 756
  • Last Modified:

Best way to monitor for account lockouts in an active directory environment?

I am looking for an easy way to ahve the help desk team get notified when an account is locked out.  I have a product that can look in the event logs and alert off of that, but am looking for the correct way to do this.  Thoughts?

Environment is windows server 2003 running mixed mode.

Thanks
0
childersj
Asked:
childersj
1 Solution
 
KCTSCommented:
0
 
childersjAuthor Commented:
Thats a good query, but I was thinking to do it realtime when the account is locked out.  This way the service desk team can adress it right away.  Also, for my team we can see if sensitive accounts are attempting logins.
0
 
Mike KlineCommented:
The product you have that will alert off event logs is the way to go if you want realtime.  You will want to look for event 644
...and for those that don't have software you can use event triggers in 2003  http://www.petri.co.il/how-to-use-eventtriggersexe-to-send-e-mail-based-on-event-ids.htm
and in 2008 it is easier http://portal.sivarajan.com/2010/04/generate-email-alert-to-event-attach.html
Thanks
Mike
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now