Send Knowledge Base Article
The article has been sent to your inbox successfully.
We never share your data
Account lockout events for domain administrator account
A report shows changes with details: “User Account Locked Out” for the domain administrator account.
KB1027 | Last review: Jun 29, 2017 | Netwrix Auditor for Active Directory | 5.0 and above
|Question||I get a report showing a change with details: “User Account Locked Out” for the domain administrator account, which cannot be locked out. What does this change mean?|
|Answer||The domain administrator account cannot be locked out. Windows may generate "false" lockout events triggered by changes that could potentially cause this account lockout based on your account policies. The event is generated as a result of the actions that were performed on the domain administrator account, for example that someone specified the domain administrator’s password incorrectly several times in a row.
Netwrix Auditor includes "false" lockout events in reports and alerts, while you may use Netwrix Account Lockout Examiner tool to find out the source of lockouts.
Was this information helpful?