Active Directory

How to Trace the Source of a Bad Password and Account Lockout in AD

In this blog, we will see how to trace the source of a bad password and account lockout in Active Directory.

Step 1: Download the Account Lockout Status tool from Microsoft

You can download from here:

Step 2: Now Run LockoutStatus.exe

Run the .msi to extract the files, then run the LockoutStatus.exe tool.

Alternatively, go to C:\Program Files\Windows Resource Kits\Tools\ and start lockoutstatus.exe.

Step 3: Select Target

Choose Select Target, type the user name and then the admin credentials, and click OK.


Step 4: See Result

The LockoutStatus tool shows the status of this account on each domain controller. Here you can easily see the Bad Pwd Count and whether the account is locked on each DC.


Step 5: See the Security log

Navigate to Event Viewer -> Windows Logs -> Security and filter the current log by Event ID 4740 (Windows Server 2016/2012 and Windows Server 2008) or 529 (Windows Server 2003), looking for events that contain the target user name.
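The same Step 5 filter can be scripted. The following is an added example, not part of the original post: it queries the Security log of one domain controller (for instance a DC on which LockoutStatus shows the lockout) for Event ID 4740 and lists which computer the bad passwords came from. The values `DC01` and `jdoe` and the `$Days` look-back window are placeholders assumed for illustration.

```powershell
# Added example: list account lockout events (ID 4740) for one user from a DC's Security log.
# DC01, jdoe and the 7-day window are placeholder values (assumptions); replace with your own.
param(
    [string]$DomainController = 'DC01',
    [string]$UserName         = 'jdoe',
    [int]$Days                = 7
)

$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddDays(-$Days)
}

# SilentlyContinue: Get-WinEvent raises an error when no events match the filter.
$events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction SilentlyContinue

$lockouts = foreach ($evt in $events) {
    # Read the event fields by name from the event XML rather than by position.
    $data = @{}
    foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data['TargetUserName'] -eq $UserName) {
        [pscustomobject]@{
            TimeCreated    = $evt.TimeCreated
            User           = $data['TargetUserName']
            # In event 4740 the "Caller Computer Name" is stored in the TargetDomainName field.
            CallerComputer = $data['TargetDomainName']
            LoggedOn       = $evt.MachineName
        }
    }
}

if ($lockouts) {
    $lockouts | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
    # The computer that appears most often is the first place to look for a stale password.
    $lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
} else {
    Write-Output "No 4740 events for '$UserName' on $DomainController in the last $Days day(s)."
}
```

Run it from an elevated session with an account that is allowed to read the Security log on the domain controller.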


For more information, please refer to the following links:

Troubleshooting Account Lockout

Source of Failed Logon Attempts in Active Directory

Common Causes for Account Lockouts – Resolution and Troubleshooting Steps

9 thoughts on “How to Trace the Source of a Bad Password and Account Lockout in AD”

  1. Great goods from you, man. You make it enjoyable and you still take care to keep it sensible.
    I can’t wait to read far more from you. This is actually a terrific site.

    1. Windows Server provides audit capability for Active Directory through 2 categories of events in the Windows security log:

      1. Directory Service Access – provides low level auditability of every object and attribute in Active Directory

      2. Account Management – provides higher level auditing of key operations performed against users, groups and computers
