Solved

account lockout issue

Posted on 2010-11-18
5
388 Views
Last Modified: 2012-05-10
hi, one user is getting locked out very frequently but i not able to figure out from which workstations login attempts are happening in security logs. Is there a tool which can help me find out the source of account lockout. I hv tried Alockout tool from microsoft but i need to know the actual source of user.

I hv enabled logon audit -success and failure in AD  but someone failure logs are not getting generated.

Thanks,
Santosh
0
Comment
Question by:santoshlk
5 Comments
 
LVL 9

Accepted Solution

by:
dj0rbit earned 125 total points
ID: 34164719
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34164772
this should be shown on event viewer.

right click on the security tab, filter the current log a in the attached.


evnt.PNG
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 34165882
As dj0rbit suggested you will need to download and run Account Lockout and Management Tools  tool from microsoft. this will show the exact result you are looking for.
0
 
LVL 2

Assisted Solution

by:Charlesd
Charlesd earned 125 total points
ID: 34170239
Just run the below command to enable netlogon debug logging on command prompt.

nltest /dbflag:0x2080ffff

After you restart Net Logon, Net Logon-related activity may be logged to %windir%\debug\netlogon.log

You would be able to see who is trying to access the server.

0
 

Author Closing Comment

by:santoshlk
ID: 34463255
partially solution.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
Experts-Exchange users below are the steps you can follow to upgrade your Lync server to latest CU's or cumulative updates. Note: Perform it during non-production hours.   Step 1: Backup your lync and SQL server database. Follow below article: h…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question