User Account Lockouts and unlocks are missing from reports

This article describes the most common reason of Account Lockouts and Account Unlocks changes missing from reports.
Email It to Me Print this Page
Symptoms User Account Lockouts and Unlocks are missing and the corresponding reports are empty, even though some accounts are known to have been locked/unlocked in the selected period.
Daily summary reports also do not show any lockouts or unlocks.
Cause The most common reason for this issue is disabled Audit Account Management policy or some conflicts in policies.
Account lockouts, unlocks and Password resets are event-based changes which means that if the audit setting is disabled account lockouts will be detected but will not be included into reports or trigger alerts because there are no corresponding auditing events.
Resolution In order to resolve the issue we need to make sure that audit policy is configured correctly.

In the corresponding Group Policy Object (or Local policy if you configured auditing there)
  1. Go to Computer Configuration - Policies - Security Settings - Local Policies - Audit Policy
  2. Make sure Audit Account Management is set to Success
User-added image

If you use Advanced Audit Policy please check the following setting:
  1. Go to Computer Configuration - Policies - Security Settings - Advanced Audit Policy Configuration - Audit Policies - Account management
  2. Make sure Audit User Account Management is set to Success
User-added image

Even if Group Policy Object is configured correctly there might still be some conflicts that prevent GP from applying correctly.
To find out the effective audit policy on a DC, execute the following command

auditpol /get /category:*

In the output check that User Account Management is set to Success
User-added image

For more information on Group Policy and related issue refer to the following articles:
https://technet.microsoft.com/en-us/library/dd277403.aspx
http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
http://blogs.msdn.com/b/spatdsg/archive/2011/06/06/audit-policy-not-registering-audits.aspx
Was this information helpful?