This is a new one on me and everyone I know: All my Windows Server 2003 R2 Active Directory user accounts appear locked out in ADUC but aren't, and the object properties show the option to unlock the accounts on the Account tab as disabled. No other properties on any other tabs seem to be affected. This is true even when logged in as the root admin account. Domain structure is pretty flat, one forest, one domain in the forest. Using a command line utility, I can unlock accounts that are actually locked out, and can enumerate all the user accounts without issue. Domain level GPO has account lock-out for 30 minutes after 3 tries, with count reset after 29 minutes. All FSMO roles held by 2003 server, with 3 Win 2K AD servers essentially acting as backups (migrating to 2003 across the board). The 2003 AD server has been in producton since August without issue. The Win 2k AD servers have been in production for anywhere from 2 to 5 years. No obvious errors in any of the event logs on any of the DCs. Please help!