Account Lockout Troubleshooting Guide
To View Saved Credentials on a Given System:
Microsoft Account Lockout and Management Tools are included with AlTools.exe
LockoutStatus Tool
This tool displays information about a locked-out account, including its User State and
Lockout Time on each Domain Controller, and lets you unlock the account by right-clicking
the corresponding entry.
Run LockoutStatus.exe > File menu > Select target > Define Target User Name
and Target Domain Name > OK
EventCombMT Tool
This tool gathers specific events from several different servers into one central
location.
Run EventCombMT.exe > Right Click on Select to search field > Choose Get DCs
in Domain > Mark your Domain Controllers for search
Click the Searches menu > Built In Searches > Account Lockouts
NOTE: for Windows Server 2008 and above, replace Event ID field values with 4740
Click Search and wait for the operation to complete.
After the search is done, the output directory contains the log files for the domain
controllers where events with the specified Event IDs were found.
Enable Netlogon Logging:
Start > Run > type in:
nltest /dbflag:2080ffff > OK
After you restart Net Logon service, related activity may be logged to
%windir%/debug/netlogon.log
Disable Netlogon Logging:
Start > Run > type in:
nltest /dbflag:0 > OK
Don't forget to disable Netlogon logging after you have captured events, as
system performance may be slightly degraded by the logging process.
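Once netlogon.log has been captured, the bad-password results for an account can be tallied per source machine to see which one is driving the lockout. The script below is an added example, not part of the original guide or of any Netwrix or Microsoft tool. The line layout it matches is an assumption based on typical Net Logon debug output, and the sample lines and host names are constructed.

```python
import re
from collections import Counter

# NTSTATUS codes that matter when tracing a lockout.
STATUS = {0xC000006A: "wrong password", 0xC0000234: "account locked out"}

# Assumed layout of a SamLogon result line; the [thread-id] field and the
# "(via HOST)" suffix are optional, and the source name can be empty.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[LOGON\] (?:\[\d+\] )?"
    r"[^:]+: SamLogon: (?:Transitive )?\w+ logon of (?P<account>\S+) "
    r"from (?P<source>\S*)(?: \(via (?P<via>[^)]+)\))? "
    r"Returns (?P<status>0x[0-9A-Fa-f]+)$"
)

# Constructed sample lines (not captured from a real system).
SAMPLE_LOG = r"""
03/14 09:12:01 [LOGON] [2044] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WS-014 Entered
03/14 09:12:01 [LOGON] [2044] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WS-014 Returns 0xC000006A
03/14 09:12:40 [LOGON] [2044] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from MAIL01 (via SRV-FS2) Returns 0xC000006A
03/14 09:12:41 [LOGON] [2044] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from MAIL01 (via SRV-FS2) Returns 0xC000006A
03/14 09:12:42 [LOGON] [2044] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from MAIL01 (via SRV-FS2) Returns 0xC0000234
03/14 09:13:05 [LOGON] [2044] CONTOSO: SamLogon: Network logon of CONTOSO\asmith from WS-020 Returns 0x0
"""


def parse_failures(text):
    """Yield (timestamp, account, source, via, reason) for lockout-related results."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "Entered" lines, other subsystems, blank lines
        reason = STATUS.get(int(m["status"], 16))
        if reason:  # successes (0x0) and unrelated codes are skipped
            yield m["ts"], m["account"], m["source"], m["via"], reason


def bad_password_sources(text):
    """Count wrong-password results per (account, source machine)."""
    return Counter(
        (account, source)
        for _, account, source, _, reason in parse_failures(text)
        if reason == "wrong password"
    )


if __name__ == "__main__":
    for (account, source), n in bad_password_sources(SAMPLE_LOG).most_common():
        print(f"{account} <- {source}: {n} bad-password attempts")
```

The "via" field names the server that passed the logon through, which is often where a stale saved credential or service account setting has to be corrected.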
The All accounts list contains locked, unlocked and manually added accounts.
To examine an account for a possible lockout reason, click the arrow next to the Examine button to get
the result for all the workstations in the specified domain, or Examine on to specify a workstation
manually.
Corporate Headquarters:
300 Spectrum Center Drive, Suite 1100,
Irvine, CA 92618
Toll-free: 888-638-9749
Int'l: 1-949-407-5125
EMEA: 44 (0) 203-318-0261
netwrix.com/social