I came across the following article when attempting to troubleshoot some locked out accounts - of course we can enable failed authentication attempts on the DC with group policy - although in some cases source information can be missing - we can enable this by issuing the following command on the DC:
Nltest /DBFlag:2080FFFF
This will enable verbose login information logging - which will be written to:
%windir%\debug\netlogon.log
If this file does not appear shortly after it may be necessary to restart the netlogon service:
net stop netlogon
net start netlogon
When you are finished you can disable the verbose logging with:
Nltest /DBFlag:0x0
and again it may be necessary to restart the netlogon service:
net stop netlogon
net start netlogon
0 comments:
Post a Comment