Particular AD user account getting locked out RRS feed

  • Question

  • Hi,

    One Particular AD user account is getting locked out and we have checked security log found locked out event ID 4740 for that user but Caller Computer Name is blank/empty.(below screenshot for your reference)

    All domain controllers are running with 2012 r2.

    Already tried with Microsoft ALtool.exe but unable to trace the machine which sending bad credential which causing account lockout.

    caller computer name is blank only for one particular user account whereas other user which are getting locked out is coming with caller computer name.

    Kindly let me how to trace the machine which causing this particular user account getting locked out.


    Wednesday, June 8, 2016 12:58 PM


  • Hi Johnny,

    How frequent the lockout is happening ?

    if possible, shutdown the user machine, mobile, pad ...etc and observe.

    Also check for any VPN connections with old passwords.

    With network trace, identification chances are very less, but still u can try.

    Devaraj G | Technical solution architect

    • Edited by Devaraj G Tuesday, June 14, 2016 1:05 PM
    • Proposed as answer by Jay Gu Friday, July 8, 2016 10:38 AM
    • Marked as answer by Jay Gu Friday, July 8, 2016 10:38 AM
    Tuesday, June 14, 2016 1:03 PM

All replies