A user account was locked out Event ID 4740

The indicated user account was locked out after repeated logon failures due to a bad password.

See event ID 4767 for account unlocked.

This event is logged both for local SAM accounts and domain accounts.

Example 4740

A user account was locked out.

Subject:

   Security ID:  SYSTEM

   Account Name:  WIN-R9H529RIO4Y$

   Account Domain:  WORKGROUP

   Logon ID:  0x3e7

Account That Was Locked Out:

   Security ID:  WIN-R9H529RIO4Y\John

   Account Name:  John

Additional Information:

   Caller Computer Name: WIN-R9H529RIO4Y

Solution :

To unlock a user’s account, find AD user object, open the properties, go to the Account tab, check “Unlock account.

This account is currently locked out on this Active Directory Domain Controller” and press OK.

Using Command

Check Status:

Check that the user account is locked. To do this, run the following PowerShell one-liner:

Get-ADUser -Identity bjackson -Properties LockedOut | Select-Object samaccountName,Lockedout| ft -AutoSize

The account is locked (Lockedout=True).

To unlock a user account, you can use the cmdlet:

Unlock-ADAccount bjackson –Confirm

To confirm unlock account press Y, then Enter.

Now the user can login to the domain computer or server under his account. To Unlock Bulk Users Account Download Bulk AD Users Software For Free

Events List:

4720(S): A user account was created.

4722(S): A user account was enabled.

4723(S, F): An attempt was made to change an account’s password.

4724(S, F): An attempt was made to reset an account’s password.

4725(S): A user account was disabled.

4726(S): A user account was deleted.

4738(S): A user account was changed.

4740(S): A user account was locked out.

4765(S): SID History was added to an account.

4766(F): An attempt to add SID History to an account failed.

4767(S): A user account was unlocked.

4780(S): The ACL was set on accounts which are members of administrators groups.

4781(S): The name of an account was changed.

4794(S, F): An attempt was made to set the Directory Services Restore Mode administrator password.

4798(S): A user’s local group membership was enumerated.

5376(S): Credential Manager credentials were backed up.

5377(S): Credential Manager credentials were restored from a backup.

Security Monitoring Recommendations

Is It Helpful ? Yes/NO Reply in comment box !

Published by Dlightdaily

Author is a passionate Blogger and Writer at Dlightdaily . Dlightdaily produces self researched quality and well explained content regarding HowToGuide, Technology and Management Tips&Tricks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.