locked
Account Lockout Issue RRS feed

  • Question

  • Account Lockout Issue                  

    Hi All,

    I am suffering account lockout issue in my domain environment. We have windows 2008 R2 domain environment and windows xp & 7 on client workstation.  

    Yesterday one of user was facing account lockout issue. We did account unlock and as per the event his account got lockout from his own desktop but still unable to find root cause for account lockout issue. Then one local engineer went to user location and find local system time on user desktop was incorrect, it showed 2050. Engineer corrected system time after issue got resolved.

    Now question is how system time cause this account lockout issue. Is there any relation between system time and account lockout. As per my understanding if system has incorrect time then it will automatically sync with local DC and correct its own time and if system unable ti sync time then it won’t allow user to login in domain.

    Is there any specify tool for account lockout troubleshooting like ALtool which we used in windows 2003.

    Please provide me best steps which i can use to find root cause in any situation. 

    Please help me to find root cause of this situation.        
    Monday, March 16, 2015 3:12 AM

Answers


  • Is there any specify tool for account lockout troubleshooting like ALtool which we used in windows 2003.  

    I have it documented here:


    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    • Marked as answer by Rohan Paikade Monday, March 16, 2015 5:55 AM
    Monday, March 16, 2015 3:59 AM

  • How to identify exact reason to account lockout on workstation like which service or process user old password which cause account lockout.     

    I do not believe that time sync has effects on account lockouts. The base reason of the account lockout is badpwdcount attribute. Also after finding which system is locking the account, you should find the rest of the reasons yourself. Most tools drill down the problem until you find the source of the problem, after that you should search all services and credential manager etc. 

    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    • Marked as answer by Rohan Paikade Monday, March 16, 2015 2:08 PM
    Monday, March 16, 2015 8:32 AM

All replies


  • Is there any specify tool for account lockout troubleshooting like ALtool which we used in windows 2003.  

    I have it documented here:


    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    • Marked as answer by Rohan Paikade Monday, March 16, 2015 5:55 AM
    Monday, March 16, 2015 3:59 AM
  • Hello Mahdi,

    We would reccomd you to go with ADAduit Plus Tool which give the clear Analysis and Daily Reports.

    https://www.manageengine.com/products/active-directory-audit/

    Regards,

    Praveen

    ----------------------------------------------------------------------

    Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts @ Techrid.com

    Monday, March 16, 2015 4:59 AM
  • Hi Mahdi,

    Thanks for sharing valuable information.

    With respect of my question I would like to know does time sync issue effect account lockout?

    As per your blog, I just want to know after enabling Audit account logon event &Audit logon events  

    4740 event generated on DC and 4771 event generated on effected systems right?

    How to identify exact reason to account lockout on workstation like which service or process user old password which cause account lockout.      

    Does ALtool still work in windows 2008 or R2?


    Monday, March 16, 2015 6:04 AM

  • How to identify exact reason to account lockout on workstation like which service or process user old password which cause account lockout.     

    I do not believe that time sync has effects on account lockouts. The base reason of the account lockout is badpwdcount attribute. Also after finding which system is locking the account, you should find the rest of the reasons yourself. Most tools drill down the problem until you find the source of the problem, after that you should search all services and credential manager etc. 

    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    • Marked as answer by Rohan Paikade Monday, March 16, 2015 2:08 PM
    Monday, March 16, 2015 8:32 AM