====== Netlogon Service Debug Logging ======

===== Enable netlogon logging for account lockout on Source DC =====

First, enable Netlogon logging on the source DC and review the log around the time of the lockout. The log shows the system or server that caused the lockout, including its IP address.

  * Open a Command Prompt (CMD) with administrator privileges
  * Run the following command:
    * ''Nltest /DBFlag:2080FFFF''
  * Then run the following commands to restart the Netlogon service:
    * ''net stop netlogon''
    * ''net start netlogon''

Wait for the next lockout, then open ''%windir%\debug\netlogon.log'' to review the log.

===== Further Analysis to trace the lockout system =====

Sometimes the Netlogon log only points to another DC or server. In that case, enable Netlogon logging on that DC or server as well to find the source of the lockout.

Here is a sample account lockout scenario from my experience:

  * The child domain DC shows the root domain DC
  * The root domain DC shows the trusted domain DC
  * The trusted domain DC shows a different DC from the same domain
  * That DC in turn shows the Exchange server
  * The Exchange server shows the IP address of the handheld device

All you have to do is follow the trail, enabling Netlogon logging on each system in turn, until you reach the actual lockout system.

[[http://www.windowstricks.in/2016/06/account-lockout-caller-computer-name-blank-cisco-workstation-domain-controller.html|Source]]

===== Disable debug logging =====

<code>
Nltest /DBFlag:0x0
</code>

[[https://support.microsoft.com/de-de/help/109626/enabling-debug-logging-for-the-netlogon-service|Source]]

{{tag>[Anmeldedienst Netlogon Debug Protokoll]}}
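For the hop-by-hop review described under "Further Analysis to trace the lockout system", the following added example (not part of the original page) summarizes failed logons in netlogon.log per source and names the server to inspect next. The function name ''Get-NetlogonFailure'' is hypothetical, the sample lines are constructed, and the ''from X (via Y) Returns 0x...'' line layout is an assumption about how your DC writes its log.

```powershell
# Constructed sample lines in the usual netlogon.log layout (not from a real DC).
# On a DC, read the real file instead: $lines = Get-Content "$env:windir\debug\netlogon.log"
$lines = @'
03/14 10:15:22 [LOGON] [4120] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from PHONE-01 (via EXCH01) Entered
03/14 10:15:22 [LOGON] [4120] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from PHONE-01 (via EXCH01) Returns 0xC000006A
03/14 10:15:40 [LOGON] [4120] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from PHONE-01 (via EXCH01) Returns 0xC000006A
03/14 10:16:03 [LOGON] [3388] CONTOSO: SamLogon: Network logon of CONTOSO\asmith from WKS-22 (via FILE01) Returns 0x0
03/14 10:16:10 [LOGON] [4120] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\jdoe from PHONE-01 (via EXCH01) Returns 0xC0000234
'@ -split "`r?`n"

# NTSTATUS values that matter for lockout tracing.
$failure = @{
    '0xC000006A' = 'wrong password'
    '0xC0000234' = 'account locked out'
    '0xC0000064' = 'no such user'
}

# "from" may be empty (blank caller computer name); "(via ...)" is optional.
$pattern = '^(?<Time>\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[LOGON\].*?logon of (?<User>.+?) ' +
           'from (?<From>\S*)(?: \(via (?<Via>[^)]+)\))? Returns (?<Status>0x[0-9A-Fa-f]+)'

function Get-NetlogonFailure {   # hypothetical helper, not a built-in cmdlet
    param([string[]]$Line, [string]$User)
    foreach ($l in $Line) {
        if ($l -notmatch $pattern) { continue }            # skips "Entered" and unrelated lines
        if (-not $failure.ContainsKey($Matches['Status'])) { continue }
        if ($User -and $Matches['User'] -ne $User -and $Matches['User'] -notlike "*\$User") { continue }
        [pscustomobject]@{
            Time   = $Matches['Time']
            User   = $Matches['User']
            From   = $Matches['From']
            Via    = $Matches['Via']
            Reason = $failure[$Matches['Status']]
        }
    }
}

# One row per (user, source, pass-through server); NextHop is where to look next.
Get-NetlogonFailure -Line $lines -User 'jdoe' |
    Group-Object User, From, Via |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Count   = $_.Count
            User    = $first.User
            From    = $first.From
            NextHop = if ($first.Via) { $first.Via } else { $first.From }
            Reasons = ($_.Group.Reason | Sort-Object -Unique) -join ', '
        }
    } | Sort-Object Count -Descending | Format-Table -AutoSize
```

If NextHop is another DC or server rather than the end device, enable Netlogon logging there and run the same summary on its log.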