pramod1
asked on
active directory
how long the logs are there in domain controller
I want to find the reason for the account lockout of one user who was locked out yesterday, but when searching in the security logs I can't find any details.
I am searching on my domain controller.
ASKER
I am attaching the snapshot. Can it be possible that it was overwritten today? When I ran the lockout tool it showed yesterday's date for that user, that is 12/26.
ASKER
Does it mean size 131702?
This means that the max size of your log file is approx. 131 MB, but since this is set to overwrite you may not have the logged events you are looking for, depending on how far back the log goes. Domain controller security logs fill up fast since they are constantly authenticating and recording these events.
ASKER
Just one last question: is there any time frame I can check for when the logs were purged?
Right-click each of the logs (the one you are interested in is the Security log) and go to Properties.
There are a few areas to look at.
If you have it set to Overwrite you will need to restore a backup to get the data you are looking for, but if it is set to archive or do not overwrite you might be in luck.
If it is archived you will need to open the archived EVTX file from the location listed in the properties.
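The same checks can be run from PowerShell on the domain controller. This is an added example, not part of the original thread: it reads the Security log's size and retention settings, shows how far back the log still reaches, looks for a manual clear (event 1102), lists archive files, and searches for lockout events (4740). The account name `jdoe` is a placeholder.

```powershell
# Added example; run in an elevated PowerShell session on the domain controller.
$user  = 'jdoe'                        # placeholder account name (assumption)
$since = (Get-Date).Date.AddDays(-1)   # "yesterday", as in the question

# 1. Size limit and retention mode (the values shown in the log's Properties dialog)
$log = Get-WinEvent -ListLog Security
[pscustomobject]@{
    MaxSizeMB   = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    CurrentMB   = [math]::Round($log.FileSize / 1MB, 1)
    LogMode     = $log.LogMode   # Circular = overwrite, AutoBackup = archive, Retain = do not overwrite
    RecordCount = $log.RecordCount
    LogFilePath = $log.LogFilePath
} | Format-List

# 2. How far back the live log goes: the oldest record marks the overwrite horizon
$oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest
"Oldest event still in the log: $($oldest.TimeCreated)"
if ($oldest.TimeCreated -gt $since) {
    "The log does not reach back to $since; earlier events were overwritten, archived or cleared."
}

# 3. Was the log cleared by hand? Event 1102 is written when the audit log is cleared.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message

# 4. With AutoBackup, full logs are saved as Archive-Security-*.evtx beside the live file
$dir = Split-Path ([Environment]::ExpandEnvironmentVariables($log.LogFilePath))
Get-ChildItem -Path $dir -Filter 'Archive-Security-*.evtx' -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime |
    Select-Object Name, LastWriteTime, @{ n = 'SizeMB'; e = { [math]::Round($_.Length / 1MB, 1) } }

# 5. Lockout events (4740) for the user since $since, if they are still in the log.
#    Properties[0] is the locked account; Properties[1] holds the caller computer name.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -eq $user } |
    Select-Object TimeCreated,
        @{ n = 'Account';        e = { $_.Properties[0].Value } },
        @{ n = 'CallerComputer'; e = { $_.Properties[1].Value } }
```

To search an archived file instead of the live log, replace `LogName = 'Security'` in the filter with `Path = '<archive file>'`.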