Locked out user

    Question

  • I have a user locked out every day recently and need to know the PowerShell command to find out where the individual is being locked out. I'm not really great at PowerShell so please help.
    • Moved by nzpcmad1 Monday, January 30, 2017 5:41 PM From ADFS
    Friday, January 27, 2017 5:38 PM

Answers

  • I have this script to troubleshoot a specific user:

    https://gallery.technet.microsoft.com/Troubleshoot-Account-Bad-4bf47940

    It finds all DCs where bad password attempts are recorded and outputs relevant information, like number of bad attempts, last logon, lockout time, etc. for each DC in the domain. Then you can review the logs on the DC where the lockout happened.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    • Marked as answer by Chicojr Tuesday, January 31, 2017 2:29 PM
    Tuesday, January 31, 2017 1:33 PM

All replies

  • The most you will be able to get from a lockout is the AD server that processed the lock.

    Common issues for an account lock:

    If your Exchange is integrated, mobile accounts not updated with a new account password after a password change.

    Services running as the user with cached credentials.

    Friday, January 27, 2017 5:44 PM
  • Hi Chicojr,

    Check the event log and you can find why it is getting locked out.

    The event IDs are 644 and 4740.

    Event ID 4740 will have the detailed report, like where it is getting locked out, I mean from which machine it is getting locked out.

    ------------------------------------------------------------------------------------------------------------------

    Best Regards,

    Surendar S

    if this is helpful please mark it so. Also if this solved your problem mark as answer.

    Tuesday, January 31, 2017 9:59 AM
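
The Event ID 4740 lookup described in the reply above, as an added PowerShell example that is not part of any post in this thread. The function name `Get-LockoutSource` and the sample account, workstation and DC names are constructed for illustration; the commented lines at the end show the live query, which assumes the PDC emulator as the starting point for the search.

```powershell
# Added example: extract the lockout source from Event ID 4740 records.
# In 4740, the EventData field named TargetDomainName holds the caller computer name.
function Get-LockoutSource {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml,
        [string] $UserName    # optional: only report this account
    )
    process {
        $evt = ([xml]$EventXml).Event
        if ($evt.System['EventID'].InnerText -ne '4740') { return }

        # Index the <Data Name="..."> elements by their Name attribute.
        $data = @{}
        foreach ($d in $evt.EventData.GetElementsByTagName('Data')) {
            $data[$d.GetAttribute('Name')] = $d.InnerText
        }

        if ($UserName -and $data['TargetUserName'] -ne $UserName) { return }
        [pscustomobject]@{
            TimeUtc        = $evt.System['TimeCreated'].GetAttribute('SystemTime')
            LockedAccount  = $data['TargetUserName']
            CallerComputer = $data['TargetDomainName']
            LoggedOnDC     = $evt.System['Computer'].InnerText
        }
    }
}

# Constructed sample record (hypothetical account, workstation and DC names).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2017-01-31T08:15:02.000Z" />
    <Computer>DC01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="TargetDomainName">WKS-0423</Data>
    <Data Name="SubjectUserName">DC01$</Data>
  </EventData>
</Event>
'@
$sample | Get-LockoutSource -UserName 'jdoe'

# Live use, with the ActiveDirectory module and rights to read the DC's Security log:
# $pdc = (Get-ADDomain).PDCEmulator
# Get-WinEvent -ComputerName $pdc -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
#     ForEach-Object { $_.ToXml() } | Get-LockoutSource -UserName 'jdoe'
```

An empty `CallerComputer` value in a real record means the DC could not name the source; the advanced audit policy mentioned elsewhere in the thread is then the next place to look.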
  • Hi

    You can configure advanced audit policy to find the source:

    https://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    https://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx

    You can also check with these 3rd-party tools: Lepide, Netwrix....


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards Burak Uğur

    Tuesday, January 31, 2017 11:04 AM
  • I have a user locked out every day recently and need to know the PowerShell command to find out where the individual is being locked out. I'm not really great at PowerShell so please help.

    You can read my blog and find out yourself:


    Mahdi Tehrani | www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    Tuesday, January 31, 2017 11:05 AM
    Moderator