This tip was submitted to the SearchWin2000.com tip exchange by member Brian Anderson. Please let other users know how useful it is by rating it below.
We have over 50 domain controllers in our Active Directory domain. Occasionally, we get calls from users reporting account lockouts that are happening several times a day. This problem occurs 99% of the time after a user has logged onto a computer, changed his password, and then forgotten to log off.
To find the computer that's causing the lockouts, we use Microsoft's free utility, AL.exe. This tool allows you to select a target account and determine which DC the account is being locked from. Once the lockout DC is found, the last bad password time will also be displayed. Within AL, right click on the DC open the security event log, and scroll to the time of the last bad password. This is much easier than using Event Comber on 50 domain controllers.