donderdag 8 mei 2008 13:42
Kurt Roggen
Account Lockout Tools & RSAT Active Directory Users and Computers (ADUC)
Good news! The Microsoft Account Lockout Tools still work as expected on a Windows Vista SP1 with RSAT.
What do you need? Just the same 2 files as before!
After you've downloaded ALTools.exe from the Microsoft Download Center, double-click on the file to extract the tools to a directory. Then install the tools as needed on domain controllers, member servers, or on workstations as described below:
- AcctInfo.dll: Helps isolate and troubleshoot account lockouts and to change a user's password on a domain controller in that user's site. It works by adding a new property page "Additional Account Info" (see below) to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).
Make sure to copy the file AcctInfo.dll to %windir%\System32.
Make sure to register the library using "regsvr32 acctinfo.dll"
- LockoutStatus.exe: Displays information about a locked out account by gathering account lockout-specific information from all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs. LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes. It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.
Make sure to copy the file LockoutStatus.exe to %windir%\system32. (that will make the "Account Lockout Status" button appear - see above)
Make sure to download the latest version available here.
The following list describes the different information that is displayed by the tool: | DC Name | Displays all domain controllers that are in the domain |
| Site | Displays the sites in which the domain controllers reside |
| UserState | Displays the status of the user and whether that user is locked out of their account. |
| Bad Pwd Count | Displays the number of bad logon attempts on each domain controller. |
| Last Bad Pwd | Displays the time of the last logon attempt that used a bad password. |
| Pwd Last Set | Displays the value of the last good password or when the computer was last unlocked. |
| Lockout Time | Displays the time when the account was locked out. |
| Orig Lock | Displays the domain controller that locked the account (the domain controller that made the originating write to the LockoutTime attribute for that user). |
Related reading:
Filed under: WindowsServer2008, WindowsVista, ActiveDirectory, Security, RSAT