Active Directory account lockout issue

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

welcome to my channel back today we are going to learn how to identify account lockout source okay most of the time we have been asked in interview how will you find account source lockout whenever users try to login on his system his account gets locked out because of he might have saved his credentials in browser or in touch scheduler or he might have logged into another system by using different password okay there might be different different causes to account lockout issue okay so today we are going to discuss how to identify from where the account is getting locked out okay so guys we have logged into our domain controller at this moment this is our domain controller adsrv01 and we have another system this is user machine okay now we have user name i will just show you let me just open active directory console so here you can see we have created test account okay so we are going to login on desktop machine see i have already logged in okay so i have used test account okay so i will just log out from here log off [Music] and i will try to login again okay with wrong password okay after i enter wrong password multiple times my account will get logged out see i received this error the referenced account is currently logged out and may not be logged on that means my account has been logged out so how we will check from where this account is getting logged out so we have domain controller we have access on domain controller so we just need to check event viewer where we will search for specific account lockout event id okay so before that i just want to show you that here you can see account lockout parameter see account this account is currently logged out on this active directory domain controller once you check mark here this account will get unlocked okay so i will just show you event viewer first in in event viewer you can expand custom view sorry not custom view windows logs and under windows logs you need to select security logs so you will find account lockout events under the security logs okay and if you look for event id 4740 you will able to search here four seven four zero see this is the event id which will get generated after our wrong password after our login with wrong password okay on which system on desk 0 1 by which account we try to login by using this account test 01 and here is the message a user account was locked out so we can identify from where the account is getting locked out by using four seven four zero event id we just need to search for 40140 event id and if you open it you can see here caller computer name means what our account this specific test one account is getting locked out from desk 1 desk01 okay you can inform to user please clear your credentials from browser if you saved or you can ask user to update your password in any application which is saved by him okay he the user must enter his new password on their applications which is causing account issue account lockout issue okay so this is the way we can search account lockout source okay then if you have multiple events then you can filter logs you just need to click on filter current logs this window will open here all event ids category you just need to enter 4740 event id once you click on ok it will show you account lockout event ids 4740 okay that's fine now let's move to group policies means what what policies are causing this issue means what from which policy these settings are getting applied on our systems or users so we can check from here gpmc dot msc i just want to open my group management console c this is the default domain policy and this policy is having account lockout policy with settings from here account lockout settings are getting applied to user machines or you can say users user accounts see whenever user try to enter wrong password two times if he tries to log in on any machine with wrong passwords the account will get locked out for 30 minutes after 30 minutes it will get unlocked automatically otherwise we need to unlock from here if you look at here see i just need to click on this category apply okay and again if you double click here and if you check see unlocked okay so this is the way we can unlock that directory accounts i hope you all are understand now let's try to login again let me just try with correct password once i enter my correct password i am able to log i hope you have enjoyed my video please like and subscribe thanks for watching have a great day bye

Info

Channel: System Administrator

Views: 40,821

Rating: undefined out of 5

Keywords: Active Directory account lockout issue, account locked out in AD, account lock out issue in AD, AD account lock out issue, account locked out, event ID 4740, the referenced account is currently locked

Id: EUIxnggenN8

Channel Id: undefined

Length: 7min 49sec (469 seconds)

Published: Thu Jan 13 2022