Active Directory Account Lockout E-mail Alert

    Question

  • My company is running Windows Server 2003 R2 SP2 Enterprise DCs. 

    We want to be able to set up Account Lockout E-mail Alerts to our system administrators group.  I know of a few ways using PowerShell scripts and Task Scheduler on a Windows Server 2008 DC (and above) we can accomplish this task; however, I wasn't certain of the best practice to do it with an older Windows Server 2003 DC. Keep in mind we are running Enterprise, so tools such as "Account Lockout Events" available on SBS aren't available to us. Maybe the "Network Monitoring Tools" can do the trick, or connecting with Management on a newer system backdoor to the older DCs to create the task and run the script? What is the best practice for a situation like this? Thanks. 

    Monday, December 10, 2012 5:51 PM

Answers

All replies

  • >>>> create the task and run the script? What is the best practice for a situation like this?

    Yes, your assumption is correct: based on the security logs, create a task and get e-mail alerts. The links below are for your reference.

    • http://www.spccompanies.com/blog/integrated-solutions-blog/68-active-directory-user-account-lockout-notification-part-1
    • http://www.spccompanies.com/blog/integrated-solutions-blog/69-active-directory-user-account-lockout-notification-part-2

    Regards, Ravikumar P

    Monday, December 10, 2012 7:01 PM
  • Thank you for your reply. However, when creating the task, I do not have the ability to "Begin the task: On an event" since the server is running 2003. I noticed on my 2008 and newer servers I can, but those aren't domain controllers. Am I going to have to upgrade Windows on the DCs before being able to accomplish this task? 
    Monday, December 10, 2012 7:42 PM
  • Have you seen the two links above? Those two have the info you are looking for. Just follow the links and configure accordingly.

    Moreover, Event ID 4740 in the Security log gives us the status of account lockout in Windows 2008, whereas the corresponding event in Windows 2003 and before is 644.

    Creating a scheduled task in both OSes is more or less similar. If you really want to upgrade/migrate DCs from Windows Server 2003 to Windows Server 2008, just follow the migration steps.


    Regards, Ravikumar P

    Monday, December 10, 2012 7:59 PM
  • Yes, I followed the 2 URLs word for word. However, if you look at "Part 1", when creating the task it tells you to "Begin the task: On the event". I do not have this option. Also, in Part 1, it tells you to create the task as "Windows Vista or Windows Server 2008"; again I do not have this option. All I have is "Windows XP or Windows Server 2003", which I believe is what is stopping me from being able to always get my alerts. I could schedule it to run every 30 minutes, but that won't help me or my department when needing real-time e-mail alerts. You are correct on the event ID being 644, but again that's just a # change on a task that I do not have the ability to create.

    I would prefer not to do the domain migration/upgrade at this time since I would need to go through all the proper channels to get authority, which can sometimes take weeks. What I need to know is how I can set this task to be "On the event" if that's even possible, or if there's some type of workaround. If it's not possible I completely understand, I'll just have to figure something else out. 

    Monday, December 10, 2012 8:12 PM
  • Yes, I agree with you: configuring a scheduled task in Windows Server 2003 is different from Windows Server 2008. Also, we can't create a task in Windows Server 2003 using events recorded in the Security log.

    Moreover, it can be accomplished with the help of log forwarding. So, configure Security event log forwarding from the 2003 server to any other 2008 server in your domain, then follow the steps which I gave in my first post.

    I suggest you check the links below.


    Regards, Ravikumar P

    • Marked as answer by Austin721 Tuesday, December 11, 2012 4:43 PM
    Tuesday, December 11, 2012 7:48 AM
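The approach in the marked answer (forward the 2003 DCs' Security log to a 2008-era collector, then run an event-triggered task there) needs a script on the collector that reads both the native 4740 and the forwarded 644 events and mails them out. The following is an added example, not code from the thread or from the linked blog posts. It assumes a collector running Windows Server 2008 R2 or later with PowerShell 2.0+, a forwarding subscription that lands the 2003 DCs' events in the ForwardedEvents log, and an SMTP relay that accepts mail from this host; every hostname, address and path below is a placeholder.

```powershell
# Added example (not from the original thread). Assumptions: runs on a Windows Server
# 2008 R2+ collector with PowerShell 2.0+; smtp.example.com, the mailboxes and the
# script path are placeholders; forwarded 2003 events arrive in ForwardedEvents.
param(
    [string]$SmtpServer       = 'smtp.example.com',
    [string]$From             = 'lockout-alerts@example.com',
    [string[]]$To             = @('sysadmins@example.com'),
    [int]$LookbackMinutes     = 2    # small window: the task fires per event, so avoid re-mailing old ones
)

$since = (Get-Date).AddMinutes(-$LookbackMinutes)

# 4740 is the Windows Server 2008+ lockout event, written locally on the collector if it
# is a DC; 644 is the legacy ID written by Windows Server 2003 DCs and delivered by forwarding.
$filters = @(
    @{ LogName = 'Security';        Id = 4740; StartTime = $since },
    @{ LogName = 'ForwardedEvents'; Id = 644;  StartTime = $since }
)

function Get-LockoutDetail {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)

    if ($Event.Id -eq 4740) {
        # Read the named EventData fields from the event XML rather than regex-scanning the
        # rendered message, which changes wording between OS versions and languages.
        $xml  = [xml]$Event.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # For 4740, TargetUserName is the locked account and TargetDomainName carries the
        # "Caller Computer Name" (the host that submitted the bad passwords).
        New-Object PSObject -Property @{
            Time    = $Event.TimeCreated
            DC      = $Event.MachineName
            Account = $data['TargetUserName']
            Source  = $data['TargetDomainName']
            EventId = $Event.Id
        }
    } else {
        # Legacy 644 events carry unnamed insertion strings: %1 is the target account name
        # and %3 the caller machine name. Fall back to the raw message if the strings
        # did not survive forwarding.
        $props = @($Event.Properties | ForEach-Object { $_.Value })
        New-Object PSObject -Property @{
            Time    = $Event.TimeCreated
            DC      = $Event.MachineName
            Account = $(if ($props.Count -ge 1) { $props[0] } else { $Event.Message })
            Source  = $(if ($props.Count -ge 3) { $props[2] } else { 'unknown' })
            EventId = $Event.Id
        }
    }
}

$events = foreach ($f in $filters) {
    # Get-WinEvent throws when nothing matches, which is the normal case; suppress that.
    Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue
}

if ($events) {
    $rows = $events | ForEach-Object { Get-LockoutDetail -Event $_ } | Sort-Object Time
    $body = $rows | Format-Table Time, Account, Source, DC, EventId -AutoSize | Out-String
    $accounts = ($rows | ForEach-Object { $_.Account } | Select-Object -Unique) -join ', '
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "Account lockout: $accounts" -Body $body
}
```

To get the real-time behaviour the question asks for, register the script on the collector with an event trigger rather than a 30-minute schedule, one trigger per channel, for example: `schtasks /Create /TN "AD Lockout Alert" /SC ONEVENT /EC Security /MO "*[System[EventID=4740]]" /RU SYSTEM /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\Scripts\LockoutAlert.ps1"` and a second task with `/EC ForwardedEvents /MO "*[System[EventID=644]]"`. Two caveats a practitioner will hit: the collector only sees 644 events if the forwarding subscription is actually delivering them (check the ForwardedEvents log first, before blaming the script), and because the lookback window is time-based, two lockouts a few seconds apart can appear in both mails; de-duplicate on the event record ID if that matters to your on-call process.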

  • Moreover, it can be accomplished with the help of log forwarding. So, configure Security event log forwarding from the 2003 server to any other 2008 server in your domain, then follow the steps which I gave in my first post.

    Thank you Ravikumar. This is the answer I was looking for. 
    Tuesday, December 11, 2012 4:45 PM