Account Lockout
From AlphaBook
Contents
- 1 Enable lockout policy (disabled by default)
- 2 Check if account is locked
- 3 Unlock account
- 4 Delegate helpdesk group unlock permission
- 5 Check where (on which system) account is locked (from PDC)
- 6 Check detailed reason (from the specific system)
- 7 Event ID 4740
- 8 Event ID 4740 is missing
- 9 Reference
Enable lockout policy (disabled by default)
- Computer Configuration\Windows Settings\Security Settings\Account Policies\Account Lockout Policy
- Three settings: Account lockout threshold (default 0, meaning accounts never lock), Account lockout duration, and Reset account lockout counter after. Setting the threshold to a non-zero value is what turns lockout on.
- Lockout policy is domain-wide: it is only read from a GPO linked at the domain root (normally the Default Domain Policy). A GPO linked to an OU has no effect on domain accounts; for per-group settings use a fine-grained password policy (PSO) instead.
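Before changing anything it is worth confirming what the domain actually enforces, since a PSO can override the domain default for some users. The following is an added example, not code from the original page; the user name user01 is an assumption.

```powershell
Import-Module ActiveDirectory

function Get-EffectiveLockoutPolicy {
    param([string]$Identity)   # sAMAccountName of the user to check (assumption: user01)

    # The domain default is what the Default Domain Policy GPO wrote to the domain head.
    $domainPolicy = Get-ADDefaultDomainPasswordPolicy

    # A Password Settings Object (fine-grained policy) overrides the domain default
    # for its members; the cmdlet returns nothing when no PSO applies to the user.
    $resultant = Get-ADUserResultantPasswordPolicy -Identity $Identity -ErrorAction SilentlyContinue
    $policy = if ($resultant) { $resultant } else { $domainPolicy }
    $source = if ($resultant) { "PSO: $($resultant.Name)" } else { 'Default Domain Policy' }

    [pscustomobject]@{
        User                     = $Identity
        Source                   = $source
        LockoutEnabled           = ($policy.LockoutThreshold -gt 0)   # threshold 0 = never locks
        LockoutThreshold         = $policy.LockoutThreshold
        LockoutDuration          = $policy.LockoutDuration             # 0 = locked until an admin unlocks
        LockoutObservationWindow = $policy.LockoutObservationWindow
    }
}

Get-EffectiveLockoutPolicy -Identity 'user01'
```

If LockoutEnabled is False for a user who reports being locked out, the lock is not coming from this domain's policy (check for a PSO on a group they belong to, or for a different domain or a local account).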
Check if account is locked
- net user user01 /domain (the "Account active" line reads "Locked" while the account is locked out; without /domain the command queries the local SAM, not the domain)
Unlock account
- Unlock-ADAccount -Identity user01
- Or check in Active Directory Administrative Center
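The two steps above, check and then unlock, as one added PowerShell example (not from the original page). One caveat the one-liners hide: badPwdCount and badPasswordTime are not replicated, so each domain controller keeps its own count and a single query can miss where the bad passwords are arriving. The user name user01 is an assumption.

```powershell
Import-Module ActiveDirectory

# lockoutTime is replicated urgently, but badPwdCount / badPasswordTime are per-DC
# and never replicate, so ask every DC to see the whole picture.
function Get-LockoutStatus {
    param([string]$Identity)   # assumption: sAMAccountName such as user01

    $dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
    foreach ($dc in $dcs) {
        try {
            $u = Get-ADUser -Identity $Identity -Server $dc `
                -Properties LockedOut, lockoutTime, badPwdCount, LastBadPasswordAttempt
            [pscustomobject]@{
                DC          = $dc
                LockedOut   = $u.LockedOut
                LockoutTime = if ($u.lockoutTime) { [DateTime]::FromFileTime($u.lockoutTime) } else { $null }
                BadPwdCount = $u.badPwdCount           # highest count = the DC receiving the bad passwords
                LastBadPwd  = $u.LastBadPasswordAttempt
            }
        } catch {
            [pscustomobject]@{ DC = $dc; LockedOut = 'unreachable'; LockoutTime = $null; BadPwdCount = $null; LastBadPwd = $null }
        }
    }
}

Get-LockoutStatus -Identity 'user01' | Format-Table -AutoSize

# Every currently locked account, read from the PDC emulator (it performs the lockouts).
$pdc = (Get-ADDomain).PDCEmulator
Search-ADAccount -LockedOut -Server $pdc | Select-Object SamAccountName, LockedOut, LastLogonDate

# Unlock on the PDC so the change replicates from the authoritative DC. Do this only after
# the source of the bad passwords is known; otherwise the account locks again within minutes.
Unlock-ADAccount -Identity 'user01' -Server $pdc
```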
Delegate helpdesk group unlock permission
- Unlocking only needs write access to one attribute, lockoutTime, so delegate that rather than Account Operators or full control: in Active Directory Users and Computers, right-click the OU, Delegate Control, add the helpdesk group, choose "Create a custom task to delegate", then:
- Apply onto: User objects (labelled "Only the following objects in the folder: User objects" in the wizard, "Descendant User objects" in newer ACL editors)
- Allow Read lockoutTime and Write lockoutTime (under "Property-specific")
- Apply these permissions to objects and/or containers within this container only (leave this unchecked if users also live in nested OUs)
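The same delegation scripted, so it can be repeated and audited, as an added example that is not from the original page or the referenced KB article. The OU distinguished name and the group name HelpDesk are assumptions. The schema GUIDs for lockoutTime and the user class are looked up rather than hard-coded.

```powershell
Import-Module ActiveDirectory

# Assumptions: the OU holding the user accounts and the helpdesk group.
$ou    = 'OU=Staff,DC=corp,DC=example'
$group = Get-ADGroup -Identity 'HelpDesk'

# An attribute-specific ACE must name the attribute and the object class by schemaIDGUID.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapDisplayName) {
    $obj = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    return [guid]$obj.schemaIDGUID
}
$lockoutTimeGuid = Get-SchemaGuid 'lockoutTime'
$userClassGuid   = Get-SchemaGuid 'user'

# Allow Read Property + Write Property on lockoutTime, inherited by user objects only.
# Children = "within this container only" (the check box in the GUI steps above);
# use Descendents instead to cover user objects in nested OUs as well.
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    [System.Security.Principal.SecurityIdentifier]$group.SID,
    [System.DirectoryServices.ActiveDirectoryRights]'ReadProperty, WriteProperty',
    [System.Security.AccessControl.AccessControlType]::Allow,
    $lockoutTimeGuid,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Children,
    $userClassGuid)

$acl = Get-Acl -Path "AD:\$ou"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$ou" -AclObject $acl

# Verify: the ACE should carry ObjectType = lockoutTime GUID and InheritedObjectType = user GUID.
(Get-Acl -Path "AD:\$ou").Access |
    Where-Object { $_.IdentityReference -like "*\$($group.SamAccountName)" -and $_.ObjectType -eq $lockoutTimeGuid } |
    Format-List IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType
```

Write on lockoutTime is all that Unlock-ADAccount needs (it sets the attribute to 0). The helpdesk group still cannot reset passwords or change any other attribute, which is the point of delegating at this granularity.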
Check where (on which system) account is locked (from PDC)
- Every lockout is processed by the PDC emulator, so its Security log is the one place guaranteed to hold event 4740 for the account; find it with (Get-ADDomain).PDCEmulator and run the query there.
- Get-EventLog -LogName Security -InstanceId 4740 (filtering on InstanceId is far faster than piping the whole log through where-object)
- Or create a Custom View of the Security Log in Event Viewer filtered on Event ID 4740
- The Caller Computer Name field of 4740 is the system that submitted the bad passwords; that is where the next step runs.
Check detailed reason (from the specific system)
- On the Caller Computer named in 4740, check the Security log around the lockout time for event 4625 (An account failed to log on): its Logon Type, Process Name and Source Network Address show which service, task, mapped drive or remote session is still using an old password.
- If Caller Computer Name is blank, or names a domain controller, the bad password arrived through a DC directly: look on the DCs for 4771 (Kerberos pre-authentication failed, Client Address) and 4776 (NTLM credential validation, Source Workstation) for the same account and time.
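The two sections above are one procedure: 4740 on the PDC emulator says which computer caused the lockout, 4625 on that computer says why. The following added example (not from the original page) chains them. The account name user01 is an assumption; the remote queries need the Remote Event Log Management firewall rule open on the targets and a caller with read access to their Security logs.

```powershell
Import-Module ActiveDirectory

# Turn an event's EventData into a name -> value table so fields can be read by name
# instead of by position, which differs between event IDs.
function ConvertTo-EventDataHash {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $h = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $h[$d.Name] = $d.'#text' }
    return $h
}

# Step 1: 4740 on the PDC emulator. In 4740 the "Caller Computer Name" shown in
# Event Viewer is carried in EventData as TargetDomainName.
function Get-LockoutEvents {
    param([string]$User, [int]$Hours = 24)
    $pdc = (Get-ADDomain).PDCEmulator
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ConvertTo-EventDataHash $_
            if (-not $User -or $d.TargetUserName -eq $User) {
                [pscustomobject]@{ Time = $_.TimeCreated; Account = $d.TargetUserName; CallerComputer = $d.TargetDomainName; DC = $pdc }
            }
        }
}

# Step 2: 4625 on the caller computer around the lockout time.
# LogonType: 2 interactive, 3 network (mapped drive, share), 4 scheduled task, 5 service,
# 7 workstation unlock, 10 RDP. SubStatus 0xC000006A = wrong password, 0xC0000234 = already locked.
function Get-FailedLogons {
    param([string]$Computer, [string]$User, [datetime]$Around, [int]$Minutes = 30)
    $filter = @{ LogName = 'Security'; Id = 4625
                 StartTime = $Around.AddMinutes(-$Minutes); EndTime = $Around.AddMinutes($Minutes) }
    Get-WinEvent -ComputerName $Computer -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            $d = ConvertTo-EventDataHash $_
            if ($d.TargetUserName -eq $User) {
                [pscustomobject]@{ Time = $_.TimeCreated; LogonType = $d.LogonType; Process = $d.ProcessName
                                   SourceIP = $d.IpAddress; Status = $d.Status; SubStatus = $d.SubStatus }
            }
        }
}

# Chain the two for one account (assumption: user01).
foreach ($lock in Get-LockoutEvents -User 'user01') {
    "Locked at $($lock.Time) from $($lock.CallerComputer)"
    Get-FailedLogons -Computer $lock.CallerComputer -User $lock.Account -Around $lock.Time | Format-Table -AutoSize
}
```

A 4625 with LogonType 4 or 5 points at a scheduled task or service running under the user; LogonType 3 with a Process of "-" usually means a mapped drive or a cached credential on another device using that computer as a gateway (e.g. a terminal server), in which case the Source IP is the next hop to examine.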
Event ID 4740
- A user account was locked out (Security log, Task Category: User Account Management, logged as a Success audit)
- Subject: the domain controller that performed the lockout (the account name ends in $)
- Account That Was Locked Out: Account Name of the user
- Additional Information: Caller Computer Name, the system that submitted the bad passwords; this is the field to pivot on
Event ID 4740 is missing
- Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Account Management\Audit User Account Management: set Success (4740 is a success audit, so Failure-only auditing never records it)
- The setting has to reach the domain controllers (Default Domain Controllers Policy or another GPO linked to the Domain Controllers OU); 4740 is written on the DC that processed the lockout, not on the user's workstation
- If the advanced audit policy is in use it takes precedence over the legacy Local Policies\Audit Policy\Audit account management setting, so enabling only the legacy setting will not help
- Also check the Security log size and retention on the PDC emulator: on a busy DC the event can be overwritten within hours
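A quick way to confirm the effective audit setting on the PDC emulator before and after the GPO change, as an added example (not from the original page). It reads auditpol's CSV output (the /r switch) so the result can be tested rather than eyeballed.

```powershell
Import-Module ActiveDirectory

# Effective local audit setting for the subcategory that produces 4740.
# auditpol /r returns CSV with columns including Subcategory and "Inclusion Setting".
function Test-AccountManagementAudit {
    $row = auditpol /get /subcategory:"User Account Management" /r | ConvertFrom-Csv
    $setting = $row.'Inclusion Setting'   # "Success", "Failure", "Success and Failure" or "No Auditing"
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Subcategory = $row.Subcategory
        Setting     = $setting
        Logs4740    = ($setting -match 'Success')   # 4740 is only written when Success is audited
    }
}

# Run it on the PDC emulator, where the lockout event must appear.
$pdc = (Get-ADDomain).PDCEmulator
Invoke-Command -ComputerName $pdc -ScriptBlock ${function:Test-AccountManagementAudit}

# After fixing the GPO, refresh on the DC and re-check. Changing it locally with
# auditpol /set would work for a moment but is overwritten at the next GPO refresh.
Invoke-Command -ComputerName $pdc -ScriptBlock {
    gpupdate /target:computer /force | Out-Null
}
Invoke-Command -ComputerName $pdc -ScriptBlock ${function:Test-AccountManagementAudit}
```

Logs4740 = True on the PDC emulator, combined with adequate Security log retention, is the precondition for everything in the "Check where" section above.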
Reference
- http://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx
- https://www.netwrix.com/account_lockout_examiner.html
- https://support.microsoft.com/en-us/help/279723/how-to-grant-help-desk-personnel-the-specific-right-to-unlock-locked-user-accounts