Audit Log Settings

The lockout troubleshooter tool requires the audit policies to be configured.

This will enable the tool to collect events 4771 and 4740 from your domain controllers.

How to enable audit log settings

In your Default Domain Controllers Policy, navigate to the following GPO settings:

Computer Configuration -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Account Management

Enable Success and Failure for the “Audit User Account Management” policy.

Next, enable the following:

Computer Configuration -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Account Logon

Enable Success and Failure for the “Audit Kerberos Authentication Service” policy.

The required auditing is now turned on, and event IDs 4740 and 4771 will be logged in the security event logs when an account is locked out. The user unlock tool will query the domain controller event logs for these event IDs to display additional lockout details.
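
To confirm the policy has applied and that the events are being written, the following check can be run on a domain controller. This is an added example, not part of the lockout troubleshooter tool; it assumes an elevated PowerShell session on the domain controller and a 24-hour look-back window chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell session on a domain controller.

# 1. Confirm both subcategories report "Success and Failure".
$subcategories = 'User Account Management', 'Kerberos Authentication Service'
foreach ($name in $subcategories) {
    auditpol /get "/subcategory:$name"
}

# 2. Pull recent 4740 (lockout) and 4771 (Kerberos pre-auth failure) events.
$since  = (Get-Date).AddHours(-24)   # assumed look-back window
$filter = @{ LogName = 'Security'; Id = 4740, 4771; StartTime = $since }

# SilentlyContinue: Get-WinEvent raises an error when no events match.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Read EventData by field name rather than by position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Account     = $data['TargetUserName']
        # 4740: TargetDomainName carries the caller computer name.
        # 4771: IpAddress carries the client address.
        Source      = if ($e.Id -eq 4740) { $data['TargetDomainName'] }
                      else { $data['IpAddress'] }
        # 4771 only: Kerberos failure code (empty for 4740).
        Status      = $data['Status']
    }
}

if ($rows) {
    $rows | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
} else {
    Write-Warning "No 4740/4771 events since $since. Check that the GPO has applied (gpupdate /force)."
}
```

If `auditpol` shows "No Auditing" for either subcategory after the GPO change, the policy has not yet been applied to that domain controller.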