Active Directory

How to Trace the Source of a Bad Password and Account Lockout in AD

In this blog, we will see how to trace the source of a bad password and account lockout in Active Directory.

Step 1: Download Account Lockout Status tool from Microsoft from

You can download from here: https://www.microsoft.com/en-gb/download/details.aspx?id=15201

Step 2: Now Run LockoutStatus.exe

For this you need to run the .msi to extract the files and after that run the LockoutStatus.exe tool.

Else, Go to C:\Program Files\Windows Resource Kits\Tools\ and start lockoutstatus.exe

Step 3: Select Target

Here you have select target and type user name and then admin credentials and then click ok.

 

Step 4: See Result

The LockoutStatus tool will show the status of this account on each domain controller. Here you can easily see Bad Pwd Count and locked password on this DC.

 

Step 5: See the Security log

You need to navigate to Event Viewer -> Windows Logs -> Security and filter current log using Event ID 4740 for Windows 2016/2012 and Windows 2008 Server or 529 on Windows 2003 Server containing target user name.

 

For more information, please refer to the following link:

Troubleshooting Account Lockout:
http://expert-advice.org/active-directory/how-to-troubleshoot-account-lockout-in-active-directory/

Leave a Reply

Your email address will not be published. Required fields are marked *