Skip to content

The Microsoft Account Lockout Tools

May 28, 2013

Account Lockout and Management Tools

 

ALTools.exe contains tools that assist you in managing accounts and in troubleshooting account lockouts.

ALTools.exe includes:

1.       AcctInfo.dll. Helps isolate and troubleshoot account lockouts and to change a user’s password on a domain controller in that user’s site. It works by adding new property pages to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).

2.       ALockout.dll. On the client computer, helps determine a process or application that is sending wrong credentials.

Caution: Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.

3.       ALoInfo.exe. Displays all user account names and the age of their passwords.

4.       EnableKerbLog.vbs. Used as a startup script, allows Kerberos to log on to all your clients that run Windows 2000 and later.

5.       EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.

6.       LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs. LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes. It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.

7.       NLParse.exe. Used to extract and display desired entries from the Netlogon log files.

After you’ve downloaded ALTools.exe from the Microsoft Download Center, double-click on the file to extract the tools to a directory. Then install the tools as needed on domain controllers, member servers, or on workstations as described below:

AcctInfo.dll: Helps isolate and troubleshoot account lockouts and to change a user’s password on a domain controller in that user’s site. It works by adding a new property page “Additional Account Info” (see below) to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).

Make sure to copy the file AcctInfo.dll to %windir%\System32.

Make sure to register the library using “regsvr32 acctinfo.dll”.

LockoutStatus.exe:

Displays information about a locked out account by gathering account lockout-specific information from all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs.

LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes.

It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.

Make sure to copy the file LockoutStatus.exe to %windir%\system32. (that will make the “Account Lockout Status” button appear – see above)

Make sure to download the latest version available here.

The following list describes the different information that is displayed by the tool:

DC Name Displays all domain controllers that are in the domain
Site Displays the sites in which the domain controllers reside
UserState Displays the status of the user and whether that user is locked out of their account.
Bad Pwd Count Displays the number of bad logon attempts on each domain controller.
Last Bad Pwd Displays the time of the last logon attempt that used a bad password.
Pwd Last Set Displays the value of the last good password or when the computer was last unlocked.
Lockout Time Displays the time when the account was locked out.
Orig Lock Displays the domain controller that locked the account (the domain controller that made the originating write to the LockoutTime attribute for that user).

From → Active Directory

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: