I had a recent experience with a client where a user account kept getting locked out, but the logs on the domain controller weren't very helpful. Beyond telling us that the account was locked out they gave us nothing: no source, no location, nothing.
After quite a bit of research on Google I found this blog post: http://jackstromberg.com/tag/microsoft_authentication_package_v1_0/ . While Jack didn't have the same issue, his solution was exactly what I needed, which was to turn on verbose logging for Netlogon.
1. From a command prompt, run the following command: nltest /dbflag:0x2080ffff
2. Review the log file generated at %windir%\debug\netlogon.log
3. When you are finished, run the following command to disable verbose logging: nltest /dbflag:0x0
More info can be found at this Microsoft Support Article http://support.microsoft.com/kb/109626/en-us
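As an added example (this is not code from the original post or from Jack's blog), the PowerShell below wraps the two nltest commands from the steps above and then parses the Netlogon debug log for failed logons of one account, grouping them by the source computer so the machine holding the stale credentials stands out. The log lines it parses are constructed to resemble Netlogon debug output (the account, domain, host and DC names are placeholders); the regular expression and the NTSTATUS-to-name table are assumptions of this example, not something from the post.

```powershell
# Added example, not part of the original post: enable Netlogon debug logging,
# then summarise failed logons for one account from %windir%\debug\netlogon.log.

function Enable-NetlogonDebug {
    # 0x2080ffff is the debug flag value given in the post; no reboot is needed.
    & nltest /dbflag:0x2080ffff | Out-Null
}

function Disable-NetlogonDebug {
    # Turn verbose logging back off when the investigation is done.
    & nltest /dbflag:0x0 | Out-Null
}

# NTSTATUS codes that commonly follow "Returns" in netlogon.log (assumed mapping).
$StatusNames = @{
    '0xC000006A' = 'STATUS_WRONG_PASSWORD'
    '0xC000006D' = 'STATUS_LOGON_FAILURE'
    '0xC0000234' = 'STATUS_ACCOUNT_LOCKED_OUT'
    '0xC0000064' = 'STATUS_NO_SUCH_USER'
}

# Assumed shape of a SamLogon line in the debug log; tolerates an optional
# "[pid]" field and an optional "(via DCNAME)" part.
$LogonLine = '^(?<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[LOGON\] (?:\[\d+\] )?(?<domain>\S+): SamLogon: (?<kind>.+?) logon of (?<account>\S+) from (?<source>\S+)(?: \(via (?<via>\S+)\))? (?<result>Entered|Returns 0x[0-9A-Fa-f]{8})'

function Get-FailedLogonSources {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][string]$SamAccountName
    )
    foreach ($line in $Lines) {
        # Skip lines that are not SamLogon records or that only mark entry into the call.
        if (-not ($line -match $LogonLine) -or $Matches.result -eq 'Entered') { continue }
        $hex  = ($Matches.result -split ' ')[1]
        $code = '0x' + $hex.Substring(2).ToUpper()
        $acct = ($Matches.account -split '\\')[-1]       # strip "DOMAIN\" prefix
        if ($acct -ine $SamAccountName) { continue }
        [pscustomobject]@{
            Time    = $Matches.ts
            Account = $Matches.account
            Source  = $Matches.source
            Via     = $Matches.via
            Status  = if ($StatusNames.ContainsKey($code)) { $StatusNames[$code] } else { $code }
        }
    }
}

function Get-LockoutSourceSummary {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][string]$SamAccountName
    )
    # One row per source computer, most failures first, with the distinct statuses seen.
    Get-FailedLogonSources -Lines $Lines -SamAccountName $SamAccountName |
        Group-Object Source |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'Source'; e = { $_.Name } }, Count,
                      @{ n = 'Statuses'; e = { ($_.Group.Status | Sort-Object -Unique) -join ', ' } }
}

# Constructed sample log lines (placeholder names), shaped like Netlogon debug output.
$SampleLog = @(
    '03/15 08:02:11 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from \\LAPTOP-OLD (via DC01) Entered',
    '03/15 08:02:11 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from \\LAPTOP-OLD (via DC01) Returns 0xC000006A',
    '03/15 08:02:41 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from \\LAPTOP-OLD (via DC01) Returns 0xC000006A',
    '03/15 08:03:05 [LOGON] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from \\LAPTOP-OLD (via DC01) Returns 0xC0000234',
    '03/15 08:04:19 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from \\WS-DESK22 Returns 0xC0000234',
    '03/15 08:04:20 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\asmith from \\WS-DESK22 Returns 0xC000006A'
)

# Typical use on the DC: Enable-NetlogonDebug, wait for the next lockout, then run
#   Get-LockoutSourceSummary -Lines (Get-Content "$env:windir\debug\netlogon.log") -SamAccountName jdoe
# and finish with Disable-NetlogonDebug. Offline demonstration on the constructed sample:
Get-LockoutSourceSummary -Lines $SampleLog -SamAccountName jdoe | Format-Table -AutoSize
```

On the sample above, LAPTOP-OLD surfaces first with two wrong-password failures followed by a lockout, which is the pattern a forgotten session with a cached old password produces; WS-DESK22 shows only the lockout status, meaning it was rejected after the threshold had already been reached rather than causing it.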
The verbose logging led me to the exact reason for the lockouts, which turned out to be a computer the user had forgotten they were still logged into.