I've setup and event log monitor to watch for event id 4740 and that works properly. I'm trying to figure out how to get the username of the locked out account in the message of the email alert. ideas?
I am using the template (just uploaded to content sharing) which does this.
Works great!
Hi.
My glimpse at this makes me think that it checks for a single account. Correct? What I need is an alert whenever any AD account gets a lockout.
Thx.
I recommend you look at three templates below. Any of them should meet your requirements.
I know this is kind of old, but I'm trying to figure out how this template works. I've configured the script but I'm not sure how you actually tie it to the AD account? For other monitors you use, they get tied to a server name or IP...I seem to be missing something with this.
In the case of the Windows Server 2008-2012 Domain Controller Security. this template is assigned to the Domain Controller itself and will return the number of locked out users, disabled users, etc. For the specific details of which accounts are locked out and when you will find that information in the "User Account: Account was locked out" Windows Event Log Monitor component details view. "
Thanks but I was talking about the "Checks for a locked AD account" template.
Is there a way to create an alert and email from this template when an account gets locked? I have the template applied and can see the log viewer in solarwinds showing the event 4740 of an account getting locked. Instead of having to use the method of forwarding an event trap and all that, since this already has the info I hope there is a way to email an alert off it.
Thanks
