How to Troubleshoot Active Directory Account Lockouts
In this guide, you will learn how to quickly find the source of Active Directory account lockouts using the AD Pro Toolkit. Easily troubleshoot account lockouts and find which computer or IP the lockout is coming from.
Requirements
- Your account needs access to read the event logs on your domain controllers.
- You can grant non-admins read-only access to the event logs by adding them to the “Event Log Readers” Active Directory group.
How to
Step 1. Click on Tools > Users > Lockout Troubleshooter
Note: If you have a lot of users, this tool can pull back a lot of logs. It's best to limit the date range to a window close to the lockout time if you can.
Step 2. Click “Scan”.

Any locked users will display in the locked users section. It will check for lockouts and bad password attempts on all DCs.
To unlock, select a user and click the unlock selected button.

The locked events section shows the lockout events from your domain controller.

In the example above, you can see the user Amy.Payne was locked and the source machine was srv-2019. This is the computer that the lockout occurred on.
There will be times when the source machine is blank for event 4740. This is often because the lockout occurred on a non-domain-joined device. When this happens, use event 4771, which shows failed authentication attempts.
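The same 4740-then-4771 lookup can be done by hand in PowerShell. This is an added example and not part of the AD Pro Toolkit. It assumes the ActiveDirectory module is installed, that your account can read each DC's Security log, and a four-hour search window chosen for illustration.

```powershell
# Added example: list lockout events (4740) and Kerberos pre-authentication
# failures (4771) for one user across all domain controllers.
Import-Module ActiveDirectory

$User  = 'Amy.Payne'              # account from the guide's example
$Since = (Get-Date).AddHours(-4)  # assumed window; keep it close to the lockout time

# Return an event's EventData fields as a name -> value hashtable.
function Get-EventFields {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Record)
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

$results = foreach ($dc in (Get-ADDomainController -Filter *).HostName) {
    $filter = @{ LogName = 'Security'; Id = 4740, 4771; StartTime = $Since }
    # Get-WinEvent raises an error when nothing matches, so it is suppressed here.
    $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $f = Get-EventFields $e
        if ($f['TargetUserName'] -ne $User) { continue }
        if ($e.Id -eq 4740) {
            # In 4740 the caller computer name is stored in the TargetDomainName field.
            $source = $f['TargetDomainName']
            $detail = 'Account locked out'
        } else {
            # 4771 records the client address; Status 0x18 means a wrong password.
            $source = $f['IpAddress'] -replace '^::ffff:', ''
            $detail = "Kerberos pre-auth failed, status $($f['Status'])"
        }
        [pscustomobject]@{
            Time = $e.TimeCreated; DC = $dc; EventId = $e.Id
            Source = $source; Detail = $detail
        }
    }
}

# A blank Source on a 4740 row is the case where the 4771 rows supply the client IP.
$results | Sort-Object Time | Format-Table -AutoSize
```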