Account Lockouts


  • Hi all

    I have an environment where I have several technicians signing into remote servers throughout the day for different tasks, a mixture of Server 2003 and 2008 servers. Occasionally, someone will find that their AD account has been locked out, and they cannot remember which session is causing the lockout. I know this has been asked before, but I have been unable to find a resolution using the 2 options I have tried, ie

    PSTools -PsLoggedon

    my own PC is Windows7. When I run PSLoggedon \\pcname I can see who is logged into pcname, so this would only help on a machine by machine basis. I need to scan through our entire list of server, to see which servers John.Smith is logged into. Running PSLoggedon \\domainname\John.Smith returns "error opening HKEY_USERS for domainname\John.Smith

    What I am looking for is a list of every machine John.Smith is logged into across our domain. 

    Domain Controller -Event Viewer - Windows Log - Security - Event Number 4624

    This event will list logon events, and in the General tab you will see the user, but I cannot filter this log by user name. There are too many events to look through, and the time the user may have logged on is not known either, so I cant really use this option, unless there is a way to either filter Event Viewer by "Account Name", or by querying the same data via CMD or Powershell, and again filtering by Account Name. 

    Any advice would be greatly appreciated, thanks very much everyone

    Wednesday, April 10, 2019 8:38 AM