1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Locked Accounts

Discussion in 'Software' started by Phil, Oct 9, 2004.

  1. Phil
    Honorary Member

    Phil Gigabyte Poster

    I recently had a problem with the antivirus service account on the network at work constantly getting locked out and couldn't track down where it was getting locked out. I came a cross altools.exe from Microsoft which helped solve the problem and I thought might be useful to some of you guys [​IMG] The tools included are

    AcctInfo.dll. Helps isolate and troubleshoot account lockouts and to change a user's password on a domain controller in that user's site. It works by adding new property pages to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).

    ALockout.dll. On the client computer, helps determine a process or application that is sending wrong credentials.

    Caution: Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.

    ALoInfo.exe. Displays all user account names and the age of their passwords.

    EnableKerbLog.vbs. Used as a startup script, allows Kerberos to log on to all your clients that run Windows 2000 and later.

    EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.

    LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs. LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes. It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.

    NLParse.exe. Used to extract and display desired entries from the Netlogon log files.

    The tool I used and turned out to be very useful was lockoutstatus.exe, you provide the account details of the account you are having a problem with and it returns a breakdown of all the domain controllers on your network with the status of he account on that particular server. The details include whether the account is locked out or not, time the account was locked, the number of bad passwords and the last time a bad password was provided.

    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade
  2. Jakamoko
    Honorary Member

    Jakamoko On the move again ...

    Nice, Phil - will have a good look at that one.
    Certifications: MCP, A+, Network+
    WIP: Clarity
  3. AJ

    AJ Administrator Administrator

    Nice one Phil, will d/l that one for a butchers later :biggrin
    Certifications: MCSE, MCSA (messaging), ITIL Foundation v3
    WIP: Looking at doing ..................
  4. nugget
    Honorary Member

    nugget Junior toady

    Top stuff Phil.

    Are these tools part of any resource kit?
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  5. Phil
    Honorary Member

    Phil Gigabyte Poster

    Not as far as I know nugget, I think they're just available as a download from MS. Took some searching before I came across them.
    Certifications: MCSE:M & S MCSA:M CCNA CNA
    WIP: 2003 Upgrade, CCNA Upgrade

Share This Page