Solved

EventcombMT won't pull 4740 events from a remote domain controller.

Posted on 2014-09-12
4
837 Views
Last Modified: 2014-09-17
We use EventcombMT to scan our domain controllers for Event 4740, which tells us what server/PC is causing a user to get locked out.

It runs fine when we run it from a domain controller.
But when I run it from my Windows 7 laptop logged on as a domain admin it successfully scans the exact same number of events but doesn't show any hits on 4740.

It appears to be the same number of event log entries scanned  and the same settings chosen in the search. But it gets results when run from the domain controller but none if we run it from out desktops/laptops.

Ideas?
0
Comment
Question by:Cardlytics
  • 2
  • 2
4 Comments
 
LVL 53

Expert Comment

by:McKnife
ID: 40319694
I encourage you to dump that old eventcomb.
Powershell is by far more flexible and compatible.

Sorry, I have no idea why it wouldn't work, we dumped eventcomb and dumpel.exe years ago.
0
 

Accepted Solution

by:
Cardlytics earned 0 total points
ID: 40320021
I ended up stumbling across an alternative. See the link below :
http://blogs.technet.com/b/jhoward/archive/2010/06/16/getting-event-log-contents-by-email-on-an-event-log-trigger.aspx

I changed his query batch to read :
del %temp%\query.txt
wevtutil qe Security "/q:*[System [(EventID=4740)]]" /f:text /rd:true /c:1 > %temp%\query.txt
 
The process outlined in that email above shoots us an email as soon as the account gets locked out. Keeps me from having to hunt it down. Pretty elegant I think.
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40320711
Another alternative, neat, why not. Event-triggering is the best way here, right.
0
 

Author Closing Comment

by:Cardlytics
ID: 40327537
Found an alternate process. Google to the rescue!
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now