I just got slammed by Account Lockout Notifications for 8 accounts that are disabled in Active Directory, as well as two regular users. All of them have a BadPasswordTime attribute of years ago. Has anyone else seen similar issues with the ALE?
Account lockout notifications for disabled accounts
Posted 21 November 2018 - 03:15 PM
ALE collects 4740 event id from security event log of domain controller(s) and based on the event informs if an account is being locked, so you may try to find out those events and it might give you an idea why it is going on, let's say based on Caller computer name of event id you may figure out where the failed logon attempts have been occurred.
T2 Support Engineer