AD Account Lockout Monitoring

SCOM will generate alert if active directory user account is locked out.

Steps are shown below

1.Authoring -> Rules -> NT EventLog
2.Target to Active Directory Domain Controller Computer Role
3.Criteria should be Event id “4740”, operator “equals”
4.Event Source “Microsoft-Windows-Security-Auditing”
5.”TargetUserName ” equals “username”



Author: priyathamsystemcenterblog

I am system center operations manager & configuration manager administrator And has good knowledge in windows servers too.................................:)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s