Domain Admin Account LockOut

Overview

This script monitors the Security log for recent account lockouts (Event ID 4740), checks if any Domain Admin accounts are affected, outputs detailed info about the locked accounts, if any Domain Admin is locked out in last 15 minutes. This retrieves and outputs detailed information including the username, last login time, lockout time, endpoint, and domain.

NOTE: This script has to be executed against Infrastructure masters only.

Sample Run

Play Button > Run Automation > Script

SampleRun1

Schedule this script against infrastructure master using the Condition to generate automatic tickets on domain account lockouts.

Dependencies

Solution : Domain Admin Account LockOut
Condition : Domain Admin Account LockOut
Ticket Template : Domain Admin Account LockOut

Automation Setup/Import

Automation Configuration

Output

Activity Details

Changelog

2025-10-17

Initial version of the document

Overview​

Sample Run​

Dependencies​

Automation Setup/Import​

Output​

Changelog​

2025-10-17​