account lockout issue

hi, one user is getting locked out very frequently but i not able to figure out from which workstations login attempts are happening in security logs. Is there a tool which can help me find out the source of account lockout. I hv tried Alockout tool from microsoft but i need to know the actual source of user.

I hv enabled logon audit -success and failure in AD  but someone failure logs are not getting generated.

Thanks,
Santosh
santoshlkAsked:
Who is Participating?
 
Suliman Abu KharroubIT Consultant Commented:
this should be shown on event viewer.

right click on the security tab, filter the current log a in the attached.


evnt.PNG
0
 
abhijitmdpCommented:
As dj0rbit suggested you will need to download and run Account Lockout and Management Tools  tool from microsoft. this will show the exact result you are looking for.
0
 
CharlesdConnect With a Mentor Commented:
Just run the below command to enable netlogon debug logging on command prompt.

nltest /dbflag:0x2080ffff

After you restart Net Logon, Net Logon-related activity may be logged to %windir%\debug\netlogon.log

You would be able to see who is trying to access the server.

0
 
santoshlkAuthor Commented:
partially solution.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.