
Account Lockout Reports

Server Manager includes two different account lockout reports.

Type | Description
Security Event Log Account Lockout Report | Scan multiple Domain Controller Security Event logs for domain account lockout history and/or scan multiple stand-alone server Security Event logs for non-domain local account lockout history.
Account Lockout Report (Active Directory/WMI) | Scan multiple domains for currently locked out domain accounts and, optionally, scan multiple stand-alone servers for currently locked out non-domain local accounts.

Security Event Log Account Lockout Report

Server Manager includes a sample report that scans the Security Event Logs in the Log Database for lockout history.

Event Log Consolidation must be enabled for each target domain controller and stand-alone server.
  • From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right-click Account Lockout Report, then select Properties. The Properties view displays.
  • The Report Properties view contains 7 configuration tabs.

The Options Tab

  • Use the Show currently locked out accounts option to show all accounts that are currently locked out without any prior history.
  • Use the Show lockout history option to include the number of times an account has been locked and manually unlocked.
    Windows only logs unlock events when an Administrator manually unlocks an account. Windows does not log each time an account automatically unlocks.
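
The history this report describes can be reproduced from raw Security events. The following is an added example, not Server Manager's code: it counts lockouts (event ID 4740) and manual unlocks (event ID 4767) per account and shows why the current state of an account whose last event is a lockout can only be inferred. The record layout, sample accounts and 30-minute lockout duration are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT, UNLOCK = 4740, 4767  # Windows Security event IDs: account locked out / unlocked

# Constructed sample records: (time, event ID, account, logging host)
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", 4740, "CORP\\alice", "DC01"),
    ("2024-05-01T08:20:00", 4767, "CORP\\alice", "DC01"),
    ("2024-05-01T09:00:00", 4740, "CORP\\bob", "DC02"),
    ("2024-05-01T10:00:00", 4740, "CORP\\carol", "DC01"),
    ("2024-05-01T10:05:00", 4767, "CORP\\carol", "DC01"),
    ("2024-05-01T11:50:00", 4740, "corp\\Alice", "DC02"),
    ("2024-05-01T11:55:00", 4740, "SRV07\\svc_backup", "SRV07"),
]


def lockout_report(events, now, lockout_duration=timedelta(minutes=30)):
    """Return {account: {"locked": n, "unlocked": n, "state": str}}.

    lockout_duration is the assumed lockout policy; pass None when accounts
    stay locked until an administrator unlocks them.
    """
    stats = defaultdict(lambda: {"locked": 0, "unlocked": 0, "last": None})
    for ts, event_id, account, _host in sorted(events):
        if event_id not in (LOCKOUT, UNLOCK):
            continue
        entry = stats[account.lower()]  # account names are case-insensitive
        entry["locked" if event_id == LOCKOUT else "unlocked"] += 1
        entry["last"] = (event_id, datetime.fromisoformat(ts))

    report = {}
    for account, entry in stats.items():
        last_id, last_time = entry["last"]
        if last_id == UNLOCK:
            state = "manually unlocked"
        elif lockout_duration is None or now - last_time < lockout_duration:
            state = "locked"
        else:
            # Automatic unlocks are not logged, so this state is inferred.
            state = "auto-unlocked (inferred)"
        report[account] = {"locked": entry["locked"],
                           "unlocked": entry["unlocked"], "state": state}
    return report


if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0)
    for account, row in sorted(lockout_report(SAMPLE_EVENTS, now).items()):
        print(account, row)
```
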

Account Lockout Report (Active Directory/WMI)

Server Manager includes a sample report that scans Active Directory and stand-alone servers for locked out accounts.

  • From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right-click Account Lockout Report (Active Directory/WMI), then select Properties. The Properties view displays.
  • The Report Properties view contains 4 configuration tabs.

The Options Tab

  • Use the Scan Active Directory for locked out domain accounts check box to scan Active Directory, then use the Directory Service drop-down to select the domain to monitor.
  • Use the Scan assigned machines for locked out local accounts check box to scan stand-alone servers for locked out non-domain local accounts.

Host Assignment

  • Use the Assignments View to assign each target host and host group.
    Only assign stand-alone servers to this report if you are generating a report of non-domain account lockouts. Do not assign any hosts if you are only monitoring domain accounts.

Related Topics

Event Log Consolidation Template