Active Directory User Account Lockout Troubleshooting

Active Directory is such an important service that, in most organisations, once implemented it becomes essential and, at the same time, suddenly transparent to the end-user.

In my humble opinion, even nowadays learning the fundamentals of Active Directory is very important for most support / technical roles, and it will be a valuable skill for at least another decade; cloud technologies, for instance, will not make those skills disappear overnight.

Regardless of the size of the organisation, whoever supports the end-user needs to understand well how it works or know how to solve the most common issues. In this article we will again touch on a very simple problem to investigate: the AD account lockout.

Why are AD lockout events even important?

I found that basic issues like account lockout events are very common and trivial to resolve, but some IT professionals don’t spend time preventing them from happening or digging deeper to find the root cause and communicate it back to the end-user.

After carefully designing our system with Windows Integrated Authentication, the user logs in once and doesn’t need to provide his credentials over and over again, so happy days, right? But what happens when the AD account is (temporarily) locked out? The end-user can’t work at all. So we must not underestimate it.

For this reason, over time I’ve used automation to proactively identify and report these events for support teams or colleagues, having learned early on in my career that any interruption of productivity (calling them outages is maybe extreme) should be avoided whenever possible. Time is money, and the efficiency and sometimes the overall quality of our IT systems is about availability and end-user perception.

Is automation or scripting required so often? No, but if you ask me it helps a lot! I still think your efforts will be paid back by the results.

Have a look at some other articles like:

Pop-Up Notifications with PowerShell

Powershell: Monitoring AD Account Lock-Out Events

How to Turn On ADFS Security Auditing with Powershell

How to trigger incoming webhooks in Microsoft Teams with Powershell

How to Send Messages to Slack with PowerShell

But if scripting is not your cup of tea, let’s see what your options are.

Traditionally, there are scripts and tools that Microsoft has provided over the years, such as:

EventComb

https://support.microsoft.com/en-ca/help/824209/how-to-use-the-eventcombmt-utility-to-search-event-logs-for-account-lo

Account Lockout and Management Tool

https://www.microsoft.com/en-us/download/details.aspx?id=18465

Old-school tools still work, and learning how to drive these tools is more important than reinventing the wheel. Especially if you need to train new starters, consider this option: they need to be productive while learning a lot of technology stacks, and they can feel overwhelmed.

Conclusions

To read the output of these tools or to use them properly, fundamental knowledge of Active Directory is still required; the tools just speed up the process of gathering the information. If your fundamentals are solid, maybe these tools are not required at all, because you already know where to look and what to expect in the first place.
