ProblemA user is having account lockout problems and you need to determine where it is getting locked from and how it is getting locked out. SolutionUsing a graphical user interfaceLockoutStatus is a tool available for Active Directory that can help identify which domain controllers users are getting locked on. It works by querying the lockout status of a user against all domain controllers in the user's domain. To determine the lockout status of a user, open LockoutStatus and select File Select Target from the menu. Enter the target username and the domain of the user. Click OK. At this point, each domain controller in the domain will be queried and the results will be displayed. DiscussionThe Lockoutstatus.exe tool is just one of many that are available in the "Account Lockout and Management" tool set provided by Microsoft. These new lockout tools are intended to help administrators with account lockout problems that are very difficult to troubleshoot. Along with the tool mentioned in the Solution, here are a few others that are included in the set:
All of the new Account Lockout tools can be downloaded from the following location: http://microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en See AlsoMS KB 813500 (Support WebCast: Microsoft Windows 2000 Server and Windows Server 2003: Password and Account Lockout Features) |