There are a couple of built-in dashboard views that you could use to get this information. Under Complaince Views, select FISMA - Account Lockouts or 27002 - Account lockouts. Another view under Complaince, is 27002 - All Domain Acct logon Failures.. Under Executive views, there is a Critical Authentication Issues view. That one will show more than account lockouts.
1 of 1 people found this helpful
I suggest using Normalized IDs 405815296/18 and 405831680/18 as a filter on your domain controllers data to get acc locks & unlocks.