Double-click “ALTools.exe” to extract all on 64-bit Windows Server 2008 R2 platform
The related files will be here.
Scenario
One day, someone tell you that her or his account is locked and want to know what happen. In the moment, how to track this status?
By LockoutStatus utility
Right-click “LockoutStatus.exe” next to click Run as administrator in the menu
Click File –> Select Target…
Key locked account name as “test_2” into Target User Name and its domain name as “dw.com” into Target Domain Name.If need to use the enough AD right, please enable “Use Alternate Credentials” check box and key in the related data as User Name, Password and Domain Name.
Now you can know when this account is locked and which DC lock it.
Right-click this next to click “Open Event Viewer" in menu
In Event Viewer, expand Windows Logs and right-click Security next to click “Filter Current Log…” in menu
Key in ID numbers as “4625,4740,4771,4772,4777” next to click “OK” button
Now you can see all filtered log
Open each log to realize which computer trigger the locked status.
Maybe we need to log on this computer to realize what reason trigger the locked happen. According to common causes for account lockouts (reference 3), sometimes we cannot find the root cause event though follow its suggestion.
Reference
(1). Description of security events in Windows Vista and in Windows Server 2008
or Description of security events in Windows 7 and in Windows Server 2008 R2
(2). Standalone Utility --- Account Lockout Status (LockoutStatus.exe)
(3). Common Causes for Account Lockouts
<<< Account Lockout (part 1 of 4)
沒有留言:
張貼留言