Active Directory is such an important service that, in most organisations, once implemented it becomes essential and at the same time suddenly transparent to the end user.
In my humble opinion, learning the fundamentals of Active Directory is still very important for most support and technical roles, and it will remain a valuable skill for at least another decade; cloud technologies, for instance, will not make those skills disappear overnight.
Regardless of the size of the organisation, whoever supports end users needs to understand well how it works, or at least know how to solve the most common issues. In this article we will touch again on a very simple problem to investigate: the AD account lockout.
Why are AD lockout events even important?
I have found that basic issues like account lockout events are very common and trivial to resolve, but some IT professionals don’t spend time preventing them from happening, or digging deeper to find the root cause and communicating it back to the end user.
After we carefully design our systems around Windows Integrated Authentication, the user logs in once and doesn’t need to provide his credentials over and over again, so happy days, right? But what happens when the AD account is (temporarily) locked out? The end user can’t work at all. So we must not underestimate it.
For this reason, over time I’ve used automation to proactively identify and report these events to support teams or colleagues, having learned early on in my career that any interruption of productivity (calling them outages is maybe extreme) should be avoided whenever possible. Time is money, and the efficiency and sometimes the overall quality of our IT systems is about availability and end-user perception.
Is automation or scripting required so often? No, but if you ask me, it helps a lot! I still think your efforts will be paid back by the results.
Have a look at some other articles like:
How to trigger incoming webhooks in Microsoft Teams with Powershell
But if scripting is not your cup of tea, let’s see what your options are.
Traditionally, there are scripts and tools that Microsoft has provided over the years, such as:
EventComb
Account Lockout and Management Tool
https://www.microsoft.com/en-us/download/details.aspx?id=18465
Old-school tools still work, and learning how to drive these tools is more important than reinventing the wheel. Consider this option especially if you need to train new starters: they need to be productive while learning a lot of technology stacks, and they can feel overwhelmed.
Conclusions
To read the output of these tools or to use them properly, fundamental knowledge of Active Directory is still required; the tools just speed up the process of gathering the information. If your fundamentals are solid, maybe these tools are not required at all, because you already know where and what to look for and what to expect in the first place.