Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 429
  • Last Modified:

Need to find out at what time and what machine a user account was locked out at

Someone locked out a user account in Active Directory and I need to find out what time and from what machine it was locked out. I have already unlocked the account. I have a Server 2003 Domain Controller. Thanks in advance for the help.
0
schmida54017
Asked:
schmida54017
1 Solution
 
Patrick BogersDatacenter platform engineer LindowsCommented:
Put a filter on eventlog and look for Event 644 and 539
0
 
Pankaj_401Commented:
"Account lockout tool" is the best option to find out "what time and from what machine" it was locked out. By this tool, You can get the complete information about the account lockout cause and status.
Further, if you wish to avoid such issues and get alert of all changes in AD, you can also check this software(http://www.activedirectoryaudit.com/) which would be a best practice and good choice for you.
0
 
Leon FesterIT Project Change ManagerCommented:
There is a tool from Microsoft to speed up this process:
EventCombMT is a multithreaded tool that you can use to search the event logs of several different computers for specific events, all from one central location. You can configure EventCombMT to search the event logs in a very detailed fashion. The following are some of the search parameters that you can specify:•Individual event IDs
•Multiple event IDs
•A range of event IDs
•An event source
•Specific event text
•How many minutes, hours, or days back to scan
Some specific search categories are built-in, such as Account Lockouts. The Account Lockouts search is preconfigured to include event IDs 529, 644, 675, 676, and 681. Additionally, you can add event ID 12294 to search for potential attacks against the Administrator account.
http://support.microsoft.com/kb/824209
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now