Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

How to Tell WHO unlocked and/or enabled a locked and/or disabled active directory account

Posted on 2014-04-15
2
Medium Priority
?
278 Views
Last Modified: 2014-04-22
I have an active directory account that was locked on a particular day I am being asked to find out who unlocked the account in question.

Thanks.
0
Comment
Question by:dowhatyoudo22
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 25

Assisted Solution

by:Tony Giangreco
Tony Giangreco earned 1000 total points
ID: 40001816
If you have that level of logging enabled in the default domain GPO security settings, you will find it in the event viewer within the system log.

If the logging is not set, there is no audit to look for.
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 40001828
You have to enable auditing then search your security logs.  are you on 2008 or higher...advanced audit settings can help

http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

So once you have it on how do you search through all the logs (especially in a big org).  Eventcomb (free microsoft tool) can help.  There are also good 3rd party tools that can make that search easier.

Thanks

Mike
0

Featured Post

Introducing the WatchGuard 420 Access Point

WatchGuard's newest access point includes an 802.11ac Wave 2 chipset, providing the fastest speeds for VoIP, video and music streaming, and large data file transfers. Additionally, enjoy the benefits of strong security as the 3rd radio delivers dedicated WIPS protection!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question