Hi Team, i wanted to audit user account lockout. i have two forest which are running with Server 2003 and Server 2008 R2. i enable Account management audit policy using GPO. so my problem is, Dose Domain, log any Event if user account get locked? If yes, please let me know the Event ID and how to configure it to Log a event on Domain Thanks.

Hi, In Windows Server 2003, the event ID for account lockout is 539: 539 Logon failure. The account was locked out at the time the logon attempt was made. In Windows Server 2008 R2, it is 4740: 4740 A user account was locked out. For more information, please refer to: Maintaining and Monitoring Account Lockout http://technet.microsoft.com/en-us/library/cc776964(v=ws.10).aspx Description of security events in Windows 7 and in Windows Server 2008 R2 http://support.microsoft.com/kb/977519/en-us Hope this helps. Regards, Bruce Forum Support Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

Hi, Just checking in to see if the information was helpful. Please let us know if you would like further assistance. Have a great day!