Stumbled upon a tool from Microsoft called ALTools that I thought were absolutely awesome. It’s over 7 years old so I wonder why I haven’t seen it before
Nevertheless it’s as cool now as it was when it was released.
ALTools consists of several tools, but the coolest of them are:
- aloinfo – Displays all user account names and the age of their passwords
- eventcombMT – Gathers specific events from event logs of several different machines and saves them in a text file
- LockoutStatus – Shows a list of all domain controllers in a given domain and the lockoutstatus of a given user on those
I have used eventcomb a couple of times as it has some predefined searches, for example Account Lockouts.
That particular search is quit helpful if you have a user that frequently gets locked out.
Just choose the predfined search, input username and hit search. A few minutes later you have txt files containing only the eventlog entries regarding account lockouts and the given user.