Account Lockout and Management Tools

by Damiaan Peeters 13. September 2010 14:54

Today i had some issues with a locked account.

I downloaded the account lockout tools from Microsoft Download Center. 

It includes several tools… 

Additional Account Information

There is a very interesting tool called “additional account info”. It gives more information about a user’s password.

Here you have a screenshot.

image

To see the “Additional Account Info” tab, register the AcctInfo.DLL. on the pc where you are using the MMC “Active Directory Users and Computers” snap-in.  (you might need to install the Administrative tools on your client pc if you don’t want to install the plug-in on your server)

Register the DLL

Use the following command :

regsvr32 %systemroot%\system32\acctinfo.dll

(change the path appropriately)

eventcombMT.exe

This is a pretty cool application.   It goes searching through all event logs of the Domain Servers.

image

Use the Menu Searches – Built-in Searches.  It saves you lot’s of time.  You will see that the servers, event id’s and types are automatically set.  The tool is not blasting fast, but it gathers all information from the selected servers and dumps it into text files.

Make sure you have the right permissions to do search the event logs on those servers.

LockoutStatus.exe

To see the current “bad password count” status on all the domain controllers, launch the tool, choose File – Select Target.  Enter the right username, and you will see on which domain controller the bad password attempts have occurred.

image

blog comments powered by Disqus

Who.I.am

Certified Umbraco, .net and Azure developer, seo lover. Magician in my spare time.

Month List