ACCOUNTS BEING LOCKED OUT

  • Question

  • Hi all,

    having a nightmare here.

    For some reason, random user accounts are suddenly being locked out.

    We are running AD FS, I have had MS check out the AD FS side of things and they are saying it is def something to do with the internal active directory.

    I can see there is a GPO for account lockout which is set to 5 invalid logon attempts. I don't want to disable this really.

    There are 3 domain controllers in the environment.

    I am told some of the accounts that are becoming locked out are accounts that are not even used / or used frequently like the guest account and a domain admin account that is used by IT for support.

    I just cannot work out what is causing the lock outs.

    Any help would be greatly appreciated.

    Thanks

    Thursday, May 5, 2016 11:46 AM

Answers

  • There is a new tool to troubleshoot this in Windows Server 2008 R2, called dsac.exe, which is the "Active Directory Administration Centre". Check the article:

    https://blogs.technet.microsoft.com/askds/2011/04/12/you-probably-dont-need-acctinfo2-dll/


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Alvwan Monday, May 9, 2016 2:21 AM
    • Marked as answer by Alvwan Thursday, May 12, 2016 8:43 AM
    Thursday, May 5, 2016 12:25 PM
  • I can't get the lockout status tool to run on windows server 2008 r2 - is this normal? Yes.

    Have a look here: https://blogs.technet.microsoft.com/askds/2011/04/12/you-probably-dont-need-acctinfo2-dll/

    Added to that, you may also need to check for malware infection in your environment. (Conficker virus creates random lockouts.)


    Check if the computer is infected by viruses. Read this KB about the Win32/Conficker worm: http://support.microsoft.com/kb/962007


    Devaraj G | Technical solution architect

    • Proposed as answer by Alvwan Monday, May 9, 2016 2:21 AM
    • Marked as answer by Alvwan Thursday, May 12, 2016 8:43 AM
    Thursday, May 5, 2016 12:36 PM
  • Please check this article, which provides step-wise instructions to identify the source of random account lockout: https://community.spiceworks.com/how_to/128213-identify-the-source-of-account-lockouts-in-active-directory

    I hope it helps you to work around your circumstance.


    Carlo

    • Proposed as answer by Alvwan Monday, May 9, 2016 2:21 AM
    • Marked as answer by Alvwan Thursday, May 12, 2016 8:44 AM
    Friday, May 6, 2016 8:01 AM
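
One way to identify the source of the lockouts from the domain controllers' own Security logs, as an added example that is not part of the thread or the linked articles. It assumes the ActiveDirectory PowerShell module, that User Account Management auditing is enabled, and an account allowed to read the Security log on the PDC emulator; the one-day look-back window is an arbitrary choice.

```powershell
# Added example (not from the thread). Assumes the ActiveDirectory module
# and read access to the Security log on the PDC emulator.
Import-Module ActiveDirectory

# Lockouts from every domain controller are forwarded to the PDC emulator,
# so querying it covers all DCs in the domain with one call.
$pdc   = (Get-ADDomain).PDCEmulator
$since = (Get-Date).AddDays(-1)    # look-back window (assumption, adjust)

# Event ID 4740 = "A user account was locked out".
$events = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue `
    -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since }

$lockouts = foreach ($e in $events) {
    # Read the named fields from the event XML instead of relying on position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    New-Object PSObject -Property @{
        Time           = $e.TimeCreated
        Account        = $data['TargetUserName']
        # In event 4740 the TargetDomainName field holds the name of the
        # computer the failed logons came from. It can be empty.
        CallerComputer = $data['TargetDomainName']
    }
}

# Timeline: which account was locked, when, and from which machine.
$lockouts | Sort-Object Time |
    Format-Table Time, Account, CallerComputer -AutoSize

# Per-source summary. One machine locking out many unrelated accounts
# (guest, admin, unused users) points at that host, not at the users.
$lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Name, Count, @{
        Name       = 'Accounts'
        Expression = { ($_.Group | Select-Object -ExpandProperty Account -Unique) -join ', ' }
    } | Format-Table -AutoSize
```

When the caller computer turns out to be a front-end server (for example the AD FS server), the failed attempts only passed through it, and that server's own logs are the next place to look for the real client.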

All replies

  • Hi

     These are possibilities for the lockout issue:

    -Mapped network drives
    -Logon scripts that map network drives
    -RunAs shortcuts
    -Accounts that are used for service account logons
    -Processes on the client computers
    -Programs that may pass user credentials to a centralized network program or middle-tier application layer
    -Active sync devices (cell phone, etc.)

    You should check with the Account Lockout Status tool: https://www.microsoft.com/en-us/download/details.aspx?id=18465

    Also check the article for details and the account lockout tool: https://technet.microsoft.com/en-us/library/cc738772%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Thursday, May 5, 2016 11:52 AM
  • Very helpful, thank you! I will go and have a go at that list!

    Thanks again.

    Thursday, May 5, 2016 12:07 PM
  • I can't get the lockout status tool to run on windows server 2008 r2 - is this normal?
    Thursday, May 5, 2016 12:17 PM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 9, 2016 2:21 AM