Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
How to Use Account Lockout and Management Tools

How to Use Account Lockout and Management Tools

Ratings: (0)|Views: 352 |Likes:
Published by psukhija
Account Lockout and Management Tools
Account Lockout and Management Tools

More info:

Published by: psukhija on Jun 15, 2010
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





How to use Account Lockout and Management Tools
DOWNLOAD NOW Installing ALTools.exe
After you've downloaded ALTools.exe from the Download Center, double-click on the fileto extract the tools to a directory of your choosing. Then install the tools as needed ondomain controllers, member servers, or workstations as described under each tooldiscussed below.
 This DLL adds a new tab called Additional Account Info to user account properties sheetsin the Active Directory Users and Computers (ADUC). Copy the file to the System32 folderof the computer on which you run ADUC (typically an administrator workstation withadminpak.msi installed) and then open a command prompt and type regsvr32 acctinfo.dllto register the DLL. Now open ADUC and view the properties of a locked-out user like BobSmith in Figure 2 below:
Figure 2:
AcctInfo.dll adds the Additional Account Info tab to the properties sheet for auser accountThere's lots of information here, but in particular line four indicates the date and timewhen Bob's account became locked and when it will automatically unlock. Clicking theDomain PW Info button displays the password policy for the domain:
Figure 3:
Result of clicking the Domain PW Info buttonClicking the Set PW On Site DC button lets you reset the password for the user and unlockthe account (see Figure 3). This is useful because if you want to reset a user's passwordyou should do it using a domain controller in the AD site where the user's computerresides, otherwise replication latency may cause a delay before the user can log on again.This is a better approach to resetting an account by right-clicking on it and selecting ResetPassword.
Figure 4:
Resetting a user's password on a DC in a remote site
 This tool creates a log file that can help you diagnose the cause of account lockoutproblems. Extract the files from ALockout.zip (for Windows 2000) or AlockoutXP.zip (forWindows XP) and copy them the computer experiencing the lockout problems (usually auser's workstation). Copy ALockout.dll to the System32 directory and double-click onAppinit.reg to register the DLL. Then restart the machine and when the lockout problemhappens again you can view the log file %WinDir%\debug\ALockout.txt to troubleshoot.Note that interpreting this log requires you understanding Netlogon logging, which isdiscussed in detail in the previously mentioned whitepaper. 
 This tool displays the password age for user accounts so you can determine which accountsare about to expire and anticipate problems before they occur. To use this tool copy it toa folder in the system path on a domain controller and run it from a command prompt.Here's an example:C:\>
aloinfo /expires /server:test220
Getting Users (This may take a while)...Retrieved 28 usersPrinting Users in descending PW age...Administrator,28krbtgt,28asmith,4bsmith,4csmith,3dsmith,3esmith,3...

Activity (3)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads
yogeshdhuri22 liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->