Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 9

monitor for locked user accounts

Is there a way for Orion to monitor and alert when a user account is locked in our Active Directory?

2 Replies
Level 13

You could probably use the windows event log template to check the Security log of the AD server for lockout related events:

  • Event ID 539 : Logon Failure: Account locked out
  • Event ID 644 : User account Locked out

(I got these event IDs from

I've never tried this, but...

You could use an Active Directory/LDAP monitor.  It will let you execute a LDAP query.  You should be able to query for the number of locked out users.