December 23, 2024

Tracking down Active Directory Lockouts


Figuring out the cause of account lockouts in your environment can be really difficult. It is very common to find the machine causing the lockouts, but not the application. This tip helped me a lot in the past.

On the affected machine, run the following command. It creates a debug log in %windir%\debug\netlogon.log:

nltest /dbflag:0x2080ffff

The logs can be quite verbose, though, so to turn logging off again, run the command below:

nltest /dbflag:0x0

It can sometimes still be difficult, but you are much more likely to find the culprit in those logs than by guessing.
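
One way to triage the resulting log, as an added example that is not part of the original post: it pulls out logon attempts that returned a wrong-password or locked-out status and counts them per account and source. It assumes the usual `[LOGON] ... SamLogon: ... logon of <user> from <source> ... Returns 0x...` line layout; the sample lines and the names CONTOSO, APP01, WKS17, svc_report and jdoe are constructed.

```powershell
# Added example: summarise failed logons recorded in a netlogon debug log.
# The sample lines are constructed; all names in them are placeholders.
$sample = @'
12/23 09:14:02 [LOGON] [4120] CONTOSO: SamLogon: Network logon of CONTOSO\svc_report from APP01 Entered
12/23 09:14:02 [LOGON] [4120] CONTOSO: SamLogon: Network logon of CONTOSO\svc_report from APP01 Returns 0xC000006A
12/23 09:14:07 [LOGON] [4120] CONTOSO: SamLogon: Network logon of CONTOSO\svc_report from APP01 Returns 0xC000006A
12/23 09:14:09 [LOGON] [4388] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from WKS17 (via APP01) Returns 0x0
12/23 09:14:12 [LOGON] [4120] CONTOSO: SamLogon: Network logon of CONTOSO\svc_report from APP01 Returns 0xC0000234
'@ -split "`r?`n"

# To read the real log instead of the sample:
# $lines = Get-Content "$env:windir\debug\netlogon.log"
$lines = $sample

# NTSTATUS values that matter when chasing lockouts
$status = @{
    '0xC000006A' = 'STATUS_WRONG_PASSWORD'
    '0xC0000234' = 'STATUS_ACCOUNT_LOCKED_OUT'
}

# Timestamp, optional [id] field, account, source machine, returned status
$pattern = '^(?<time>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] (?:\[\d+\] )?.*logon of ' +
           '(?<user>\S+) from (?<src>\S+).* Returns (?<code>0x[0-9A-Fa-f]+)$'

$failures = foreach ($line in $lines) {
    if ($line -match $pattern -and $status.ContainsKey($Matches.code)) {
        [pscustomobject]@{
            Time   = $Matches.time
            User   = $Matches.user
            Source = $Matches.src
            Status = $status[$Matches.code]
        }
    }
}

# Which account/source pairs fail most often, and with which status
$failures | Group-Object User, Source, Status |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# Timestamps of each failure, for correlating with application or task logs
$failures | Format-Table Time, User, Source, Status
```

The timestamps are the useful part for finding the application: line them up with scheduled tasks, service restarts or application logs on the same machine.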
