How to use the EventCombMT utility to search event logs for account lockouts
To download the EventCombMT utility, visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E To search the event logs for account lockouts, follow these steps: Start EventCombMT. With Domain admin account On the Options menu, click Set Output Directory , select an existing folder, or click New Folder to create a new folder to save the output to, and then click OK . Note If you do not specify an output directory, the default location is C:\Temp. On the Searches menu, point to Built In Searches , and then click Account Lockouts . All domain controllers for the domain appear in the Select To Search/Right Click To Add box. Also, in the Event IDs box, you see that event IDs 529, 644, 675, 676, and 681 are added. In the Event IDs box, type a space, and then type 4740 4625 after the last event nu...