Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Quick Guide — How to Troubleshoot Active Directory Account Lockouts

November 30, 2020
in Internet Privacy
Quick Guide — How to Troubleshoot Active Directory Account Lockouts
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Active Directory account lockouts can be hugely problematic for organizations. There have been documented instances of attackers leveraging the account lockout feature in a type of denial of service attack. By intentionally entering numerous bad passwords, attackers can theoretically lock all of the users out of their accounts.

But what do you do if you are experiencing problems with account lockouts?

You might also like

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

BRATA Malware Poses as Android Security Scanners on Google Play Store

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

The Windows operating system is somewhat limited in its ability to troubleshoot account lockouts, but there are some things that you can do. For example, you can use Windows PowerShell to determine which accounts have been locked out. The command for doing so is:

Search-ADAccount -LockedOut -UsersOnly | Select-Object Name, SamAccountName

Incidentally, the UsersOnly parameter prevents computer objects from being included in the results, while the Select-Object command filters the results list to display only the user’s name and their account name.

If you find that accounts have been locked out, then there are a couple of ways of unlocking them. You can unlock accounts one at a time by using this command:

Unlock-ADAccount -Identity <username>

If, on the other hand, you need to unlock user accounts in bulk, then you can do so with this command:

Search-ADAccount –LockedOut | Unlock-ADAccount

While it is undeniably important to be able to unlock user accounts, it is equally important to be able to find out why accounts were locked out in the first place. You can gain a little bit of insight into the problem by using a variation of the Search-ADAccount command that you saw a moment ago:

Search-ADAccount -LockedOut | Select-Object *

This command will display additional information about all of the accounts that have been locked out. You can use this information to find out when the user last logged on and whether the user’s password is expired. Because this command can return a lot of data, you may find it helpful to write the results to a CSV file. Here is an example of how to do so:

Search-ADAccount -LockedOut | Select-Object * | Export-CSV -Path c:templockout.csv

It is possible to go further with Active Directory lockout troubleshooting using the native Windows tools, but in order to do so, you’re going to need to make a change to your group policy settings prior to lockouts occurring. Oddly enough, account lockouts are not logged by default.

You can enable logging by opening the Group Policy Editor and navigating through the console tree to Computer Configuration | Windows Settings | Security Settings | Advanced Audit Policy Configuration | System Audit Policies | Account Management. Now, enable both success and failure auditing for user account management.

Once the new group policy setting has been applied across the domain, it will cause event number 4740 to be written to the Security event log any time that an account becomes locked out.

Get-WinEvent -FilterHashtable @{logname=”Security”; ID=4740}

There is a good chance that this command will produce an overwhelming number of results. You can use the Select-Object cmdlet to limit the number of results shown. If, for instance, you only want to see the ten most recent results, you could use this command:

Get-WinEvent -FilterHashtable @{logname=”Security”; ID=4740} | Select-Object UserID, Message -Last 10

Notice that I also included references to UserID and Message in the Select-Object cmdlet. The UserID will cause the username to be displayed, and the reference to Message will cause PowerShell to display detailed information about the event. Perhaps the most useful item displayed in the message is the Caller Computer Name, which reflects the name of the machine that caused the user account to be locked out. If necessary, you can also use the TimeCreated property to find out when the lockout occurred.

The command shown above can sometimes cut off the Message. If this happens to you, you can get around this problem by appending the Format-List command, as shown below:

Get-WinEvent -FilterHashtable @{logname=”Security”; ID=4740} | Select-Object UserID, Message -Last 10 | Format-List

As you can see, Windows is limited in its ability to help you to troubleshoot account lockout problems. If you are consistently experiencing account lockout issues and need additional troubleshooting capabilities or if you, like many other organizations, are experiencing an increase in account lockout related calls during the global pandemic, then you might consider checking out some of the third-party tools that are available such as a self-service password reset solution.

Identifying what is driving lockouts and rectifying the issue is one part of the equation. To address the issue holistically, IT departments need to provide users with the ability to unlock their own accounts securely, anytime, anywhere.


Credit: The Hacker News By: noreply@blogger.com (The Hacker News)

Previous Post

Network Graph Visualizations with DOT

Next Post

Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up

Related Posts

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Internet Privacy

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

April 13, 2021
BRATA Malware Poses as Android Security Scanners on Google Play Store
Internet Privacy

BRATA Malware Poses as Android Security Scanners on Google Play Store

April 13, 2021
Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data
Internet Privacy

Indian Brokerage Firm Upstox Suffers Data Breach Leaking 2.5 Millions Users’ Data

April 13, 2021
What Does It Take To Be a Cybersecurity Researcher?
Internet Privacy

What Does It Take To Be a Cybersecurity Researcher?

April 12, 2021
Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
Internet Privacy

Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021

April 12, 2021
Next Post
Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up

Four years after the Dyn DDoS attack, critical DNS dependencies have only gone up

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Internet Privacy

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

April 13, 2021
Machine Learning Approach In Fantasy Sports: Cricket
Machine Learning

Machine Learning Approach In Fantasy Sports: Cricket

April 13, 2021
These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
BRATA Malware Poses as Android Security Scanners on Google Play Store
Internet Privacy

BRATA Malware Poses as Android Security Scanners on Google Play Store

April 13, 2021
6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome
Data Science

6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome

April 13, 2021
ANZ Bank: We’ve been using machine learning for 20 years
Machine Learning

ANZ Bank: We’ve been using machine learning for 20 years

April 13, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices April 13, 2021
  • Machine Learning Approach In Fantasy Sports: Cricket April 13, 2021
  • These new vulnerabilities put millions of IoT devices at risk, so patch now April 13, 2021
  • BRATA Malware Poses as Android Security Scanners on Google Play Store April 13, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates