Monitoring NetLogon Logs
First, open up command prompt as an administrator and execute the following command:
Once done, execute the following command to turn off the debugging:
This logs every transaction made to the file: %windir%\debug\netlogon.log (note, you need to run notepad as an administrator to read this file).
Open File in Baretail and enable Highlighting for the following codes
0xc000006a – An invalid attempt to login has been made by the following user.
0xc0000234 – The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.