Link to home
Start Free TrialLog in
Avatar of nightshadz
nightshadzFlag for United States of America

asked on

Active Directory - Monitor invalid password attempts

Is it possible to perform account monitoring for invalid login attempts in AD?  How would I go about doing this?
Avatar of Paul MacDonald
Paul MacDonald
Flag of United States of America image

Your Windwos Security Log will show failed logins.  There are probably tools that will consolidate the logs from all your servers, but I can't name one off the top of my head.
What's your domain functional level ? With Windows Server 2008, you can monitor the total number of failed logon attempts at a domain-joined Windows Server 2008 server or a Windows Vista workstation via
Avatar of nightshadz


These logs would only be on the server where AD resides?
No, those logs would be all over your network.  If I try to log in as Administrator on your web server, that's where the failed login will show up.

I don't think that's what we're looking for.  It has to reside on the AD server.
Rick, I think our AD is running on Windows 2003.
It is.
In that case you can't take advantage of what I have posted.

I think your question is twofold :

Are you after the last bad password time :

Or are you after from which system the last invalid attempt came from ?

If latter, the AccountLockoutTools may help, see and use the event comb to comb the DCs log to find the culprit
I think the first one is the most important.  It says, "The last time and date that an attempt to log on to this account was made with an invalid password.".  How would I know if several invalid attempts were made?
That's easy, take a look at the bad password count via what I have posted above and corelate to the account lockout threshold via your group policy...
I don't have access to AD.  I'm just doing some research.  Where would I find that screenshot in AD?
Avatar of RickSheikh
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I'll pass the information along.  Thanks!