How to check bad password login in Windows 2003 domain controller?

W

Will

User report their user account always locked. But I cannot found any bad
password & account locked event in the domain controller secuirty event log,
even I enable audit log in domain policy.

How to check bad password login in Windows 2003 domain controller?

Thanks
 
R

Richard Mueller [MVP]

Will said:
User report their user account always locked. But I cannot found any bad
password & account locked event in the domain controller secuirty event
log, even I enable audit log in domain policy.

How to check bad password login in Windows 2003 domain controller?

Thanks

The information is not replicated between DC's, so you need to look on the
DC (or DC's) that authenticated the user. I think there is tool to retrieve
information about locked out accounts, but I cannot find information on it.
However, I have an example VBScript program to retrieve information on all
locked out users linked here:

http://www.rlmueller.net/LockedUsers.htm

The program contacts all Domain Controllers to get the information, so it
can take awhile in a large network with slow connections. One of the
purposes is to identify the DC autenticating the locked out users.

Note that common causes are scheduled tasks or services that attempt to
authenticate with old credentials. Also, persistent drive mappings to shares
that require passwords can cause this.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top