Remove From My Forums

active directory account lockout issue

Question
0

Sign in to vote

I have 1 main AD server which is on windows 2003 R2 and all users are authenticated from this server and second ADC i.e backup ADC which is on windows 2003 R2, we have 3rd ADC on windows 2008 R2 which is created for Exchange 2010 on windows 2008R2,

Users are getting Account lock out issue randomly.

Can any one help on this.

Wednesday, November 12, 2014 10:07 AM

Answers

1

Sign in to vote
Greetings!

You can refer to my blog for a step-by-step on troubleshooting this problem:

Am I locked out? Where? How?

Regards.

Mahdi Tehrani | | www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.

How to query members of 'Local Administrators' group in all computers?
- Proposed as answer by Erin_zhou Friday, November 21, 2014 1:59 AM
- Marked as answer by Erin_zhou Tuesday, November 25, 2014 2:45 AM
Wednesday, November 12, 2014 10:24 AM
0

Sign in to vote
Hi,

You can start with the below threads to see if you have prepared to determine lockouts sources.

http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2012/12/27/use-powershell-to-find-the-location-of-a-locked-out-user.aspx

Use Lokoutstatus from Altools (http://www.microsoft.com/en-us/download/details.aspx?id=18465) then check the source DC where lockouts are being reported. Use the event viewer on that DC and look for "failure audits" for that particular user acocunt or during that time frame reported on lockoutstatus. Use the event description to find the source workstations/server where the lockout is coming from and verify that server for any (disconnect RDP sessions, credentials manager, services running with domain accounts,applications,etc).

Hope this helps.

Regards,

Calin
- Proposed as answer by Erin_zhou Friday, November 21, 2014 1:59 AM
- Marked as answer by Erin_zhou Tuesday, November 25, 2014 2:45 AM
Wednesday, November 12, 2014 10:22 AM
0

Sign in to vote
I hope, The above mentioned suggestions would be helpful to resolve your concern.

However, you may also refer to this earlier discussed thread that has been resolved with some other valuable suggestions by experts : https://social.technet.microsoft.com/Forums/windowsserver/en-US/fdac3589-886c-4ba7-a49e-6a5e227679c7/active-directory-account-lockout-issues?forum=winserverDS
Carlo
- Proposed as answer by Erin_zhou Friday, November 21, 2014 1:59 AM
- Marked as answer by Erin_zhou Tuesday, November 25, 2014 2:45 AM
Thursday, November 13, 2014 9:39 AM

All replies

0

Sign in to vote
Hi,

You can start with the below threads to see if you have prepared to determine lockouts sources.

http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2012/12/27/use-powershell-to-find-the-location-of-a-locked-out-user.aspx

Use Lokoutstatus from Altools (http://www.microsoft.com/en-us/download/details.aspx?id=18465) then check the source DC where lockouts are being reported. Use the event viewer on that DC and look for "failure audits" for that particular user acocunt or during that time frame reported on lockoutstatus. Use the event description to find the source workstations/server where the lockout is coming from and verify that server for any (disconnect RDP sessions, credentials manager, services running with domain accounts,applications,etc).

Hope this helps.

Regards,

Calin
- Proposed as answer by Erin_zhou Friday, November 21, 2014 1:59 AM
- Marked as answer by Erin_zhou Tuesday, November 25, 2014 2:45 AM
Wednesday, November 12, 2014 10:22 AM
1

Sign in to vote
Greetings!

You can refer to my blog for a step-by-step on troubleshooting this problem:

Am I locked out? Where? How?

Regards.

Mahdi Tehrani | | www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.

How to query members of 'Local Administrators' group in all computers?
- Proposed as answer by Erin_zhou Friday, November 21, 2014 1:59 AM
- Marked as answer by Erin_zhou Tuesday, November 25, 2014 2:45 AM
Wednesday, November 12, 2014 10:24 AM
0

Sign in to vote
I hope, The above mentioned suggestions would be helpful to resolve your concern.

However, you may also refer to this earlier discussed thread that has been resolved with some other valuable suggestions by experts : https://social.technet.microsoft.com/Forums/windowsserver/en-US/fdac3589-886c-4ba7-a49e-6a5e227679c7/active-directory-account-lockout-issues?forum=winserverDS
Carlo
- Proposed as answer by Erin_zhou Friday, November 21, 2014 1:59 AM
- Marked as answer by Erin_zhou Tuesday, November 25, 2014 2:45 AM
Thursday, November 13, 2014 9:39 AM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

active directory account lockout issue

Question

Answers

All replies