Active Directory User Management – Additional Info
Posted by Brajesh Panda on December 27, 2009
Microsoft's Account Lockout and Management Tools package is a fantastic set of tools for AD user management. And don't worry, it is freely available for download. Here is a screenshot of all the tools included in this package.
Description of Tools from Microsoft
AcctInfo.dll. Helps isolate and troubleshoot account lockouts and to change a user’s password on a domain controller in that user’s site. It works by adding new property pages to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).
ALockout.dll. On the client computer, helps determine a process or application that is sending wrong credentials. Caution: Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.
ALoInfo.exe. Displays all user account names and the age of their passwords.
EnableKerbLog.vbs. Used as a startup script, allows Kerberos to log on to all your clients that run Windows 2000 and later.
EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.
LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs. LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes. It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.
NLParse.exe. Used to extract and display desired entries from the Netlogon log files.
Out of these tools, I like AcctInfo.dll and LockoutStatus.exe. Register acctinfo.dll using the regsvr32 command, then open the ADUC console on your administrative workstation. Open any user account's properties and you will be able to see a new tab called “Additional Account Info”. Most of the attributes are self-explanatory, right? :)
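To show what the Netlogon log filtering described for NLParse.exe and LockoutStatus.exe looks like in practice, here is an added sketch in Python. It is not part of the Microsoft package or of the original post. The log line layout, the sample lines (constructed) and the two NTSTATUS codes chosen are assumptions, since the post does not list them.

```python
import csv
import io
import re

# Constructed sample in the usual netlogon.log layout (not from a real domain).
SAMPLE_LOG = r"""
12/27 09:14:02 [LOGON] SamLogon: Network logon of CONTOSO\jdoe from WKS-014 Entered
12/27 09:14:02 [LOGON] SamLogon: Network logon of CONTOSO\jdoe from WKS-014 Returns 0xC000006A
12/27 09:14:09 [LOGON] SamLogon: Transitive Network logon of CONTOSO\jdoe from WKS-014 (via MAIL01) Returns 0xC000006A
12/27 09:14:31 [LOGON] SamLogon: Network logon of CONTOSO\asmith from WKS-020 Returns 0x0
12/27 09:15:10 [LOGON] SamLogon: Network logon of CONTOSO\jdoe from WKS-014 Returns 0xC0000234
12/27 09:15:11 [MISC] DsGetDcName function called: Dom:CONTOSO Acct:(null) Flags: DS
"""

# NTSTATUS values of interest for lockout troubleshooting (assumed selection).
STATUS = {
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
FIELDS = ["date", "time", "account", "source", "via", "status", "meaning"]

# Matches only SamLogon "Returns" lines; the pid and domain prefixes are optional.
LINE_RE = re.compile(
    r"^(?P<date>\d\d/\d\d) (?P<time>\d\d:\d\d:\d\d) \[LOGON\] "
    r"(?:\[\d+\] )?(?:\S+: )?SamLogon: .+? logon of "
    r"(?P<account>\S+) from (?P<source>\S+)"
    r"(?: \(via (?P<via>[^)]+)\))? Returns (?P<code>0x[0-9A-Fa-f]+)$"
)

def parse_failures(text):
    """Return one dict per SamLogon result line whose status is in STATUS."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "Entered" lines, other log sections, blank lines
        code = int(m["code"], 16)
        if code in STATUS:
            rows.append({"date": m["date"], "time": m["time"],
                         "account": m["account"], "source": m["source"],
                         "via": m["via"] or "", "status": f"0x{code:08X}",
                         "meaning": STATUS[code]})
    return rows

def to_csv(rows):
    """Render the rows as CSV text so they can be sorted further."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(parse_failures(SAMPLE_LOG)), end="")
```

The source and via columns name the machines that forwarded the bad credentials, which is where to look next for the offending process.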