Anmeldedienst Debug-Protokollierung

First Enable netlogon logs on source DC and review the log on lockout time, you find the lockout system/server details with IP address

• Open CMD with Admin privilege (Command prompt)
• Run below command
• Nltest /DBFlag:2080FFFF
• And run below commands to restart netlogon Service
• net stop netlogon
• net start netlogon

Wait for next lockout and open %windir%\debug\netlogon.log to review the logs

Also Read: How to extract bulk object from AD with list of attributes (Part 1)

Some time even netlogon logs point to different DC/server, in that case you have to enable Enable netlogon logs on that DC/server to find the source of lockout

In my experience, find the sample account lockout scenario

• Child Domain DC showing the root Domain DC
• Root Domain DC shows the Trusted Domain DC
• Trusted Domain DC shows different DC from Same Domain
• Again this DC shows exchange server
• Exchange server shows the handheld device IP

All you have to do trace the lockout system by enabling netlogon logs to reach the actual lockout system

Also Read: Windows Server Administrator Interview Questions and Answers

Quelle

Nltest /DBFlag:0x0 

Quelle