In this video I'll show you how to find the source of account lockouts in Active Directory. User accounts that keep locking out can be very frustrating. I'm going to show you 3 solutions including PowerShell and a GUI tool for tracking down the source of account lockouts.
Overview of the steps:
Step 1: Enabling auditing for event 4740
Step 2: Find the domain controller that holds the PDC emulator role
Get-ADDomain | Select-Object PDCEmulator
Step 3: Search event logs for event ID 4740
Get-WinEvent -FilterHashtable @{logname='security'; id=4740}
Step 4: Display details of event
Get-WinEvent -FilterHashtable @{logname='security'; id=4740} | fl
Step 5: Use event viewer (optional)
Step 6: Using The Unlock GUI Tool
The User Unlock Tool is a GUI tool that makes it easy to find all locked user accounts and display the source of each account lockout.
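Steps 2 to 4 combined into one script, as an added example that is not from the video or its author: it queries the PDC emulator for event 4740 and lists each locked account with the computer the failed logons came from. It assumes the ActiveDirectory module (RSAT) is installed and that you can read the Security log on the PDC emulator; the 7-day window and the variable names are illustrative choices.

```powershell
# Added example, not the video author's code.
# Assumes: ActiveDirectory module (RSAT), read access to the Security log on the PDC emulator.
Import-Module ActiveDirectory

# Step 2: lockouts from every domain controller are reported to the PDC emulator.
$pdc = (Get-ADDomain).PDCEmulator

# Step 3: limit the search to event 4740 in a recent window (7 days is an assumption).
$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddDays(-7)
}

# Get-WinEvent raises an error when nothing matches, so capture it instead of stopping.
$found = Get-WinEvent -ComputerName $pdc -FilterHashtable $filter `
    -ErrorAction SilentlyContinue -ErrorVariable queryErr
if ($queryErr) {
    Write-Warning "No events returned or query failed: $($queryErr[0])"
}

# Step 4: pull the useful fields out of each event by name rather than by position.
$lockouts = foreach ($evt in $found) {
    $xml  = [xml]$evt.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        TimeCreated    = $evt.TimeCreated
        LockedAccount  = $data['TargetUserName']
        # In event 4740 the caller computer name is stored in TargetDomainName.
        CallerComputer = $data['TargetDomainName']
        ReportedBy     = $evt.MachineName
    }
}

# Most recent lockouts first.
$lockouts | Sort-Object TimeCreated -Descending | Format-Table -AutoSize

# Count per account and source computer, to spot the machine that keeps locking an account.
$lockouts | Group-Object LockedAccount, CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

An empty CallerComputer value usually means the failed logons did not arrive from a domain-joined Windows machine, so the next place to look is the authentication logs of the service that relayed them.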
Get your copy of the User Unlock Tool for Active Directory
[ Link ]
Written version of this tutorial (Includes screenshots)
[ Link ]