Table of Contents
- Introduction
- System Requirements
- Assign Service Logon As Credentials
- Server Configuration
- Agent-Based Monitoring
- Azure Relay Hybrid Connection
- Account Lockout Monitoring and Reporting
- Data Providers
- Directory Services
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Monitor Hierarchy
- Reports
- Auto-Configurators
- Options
- Actions
- Filters
- Schedules
- Shared Views
- General Executable Properties
- Assign Actions
- Assign Directories
- Assign Disks
- Assign Shares
- Assign Files
- Assign Consolidated Logs
- Assign Event Logs
- Assign Active Directory Audit Logs
- Target Files and Sub-Directories
- Define Log Entry Columns
- Define CSV and W3C Log Entry Columns
- Active Directory User and Group Filters
- Explicitly Assigned Logs
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- SNMP Browser
- SSH Shell
- Exporting and Importing Configuration Objects
- Command Line Interface
- Troubleshooting
- Terminology
Account Lockout Reports
Sever Manager includes two different account lockout reports.
| Type | Description |
|---|---|
| Security Event Log Account Lockout Report | Scan multiple Domain Controller Security Event logs for domain account lockout history and/or scan multiple stand-alone server Security Event logs for non-domain local account lockout history. |
| Account Lockout Report (Active Directory/WMI) | Scan multiple domains for currently locked out domain accounts and, optionally, scan multiple stand-alone servers for currently locked out non-domain local accounts. |
Security Event Log Account Lockout Report
Server Manager includes a sample report that scans the Security Event Logs in the Log Database for lockout history.
 |
Event Log Consolidation must be enabled for each target domain controller and stand-alone server. |
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right click on Account Lockout Report then select Properties. The Properties view displays.
- The Report Properties view contains 7 configuration tabs.
The Options Tab
- Use the Show currently locked out accounts option to show all accounts that are currently locked out without any prior history.
-
Use the Show lockout history option to include the number of times an account has been locked and manually unlocked.
Windows only logs unlock events when an Administrator manually unlocks an account. Windows does not log each time an account automatically unlocks.
Account Lockout Report (Active Directory/WMI)
Server Manager includes a sample report that scans Active Directory and stand-alone servers for locked out accounts.
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Account Lockout, right click on Account Lockout Report (Active Directory/WMI) then select Properties. The Properties view displays.
- The Report Properties view contains 4 configuration tabs.
The Options Tab
- Use the Scan Active Directory for locked out domain accounts check box to scan Active Directory then use the Directory Service drop-down to select the domain to monitor.
- Use the Scan assigned machines for locked out local accounts check box to scan stand-alone servers for locked out non-domain local accounts.
Host Assignment
-
Use the Assignments View to assign each target host and host group.
Only assign stand-alone servers to this report if you are generating a report of non-domain account lockouts. Do not assign any hosts if you are only monitoring domain accounts.