Our users at a particular site are receiving a strange account lockout problem where they will be working fine until their account locks out quite randomly.
there doesn't seem to be any pattern to this lockout, its very prevalant on a particular domain controller, but happens on all of them. The user will be working and will quite often notice that their account has locked by their browser telling them (bluecoat proxies run an agent on a dc to make sure user is allowed to browse).
This fix is a simple checkbox in AD U&C to unlock the account. But this is happening far too often to be a simple incorrect password. There are countless 675 errors on the DC in question and looking at them they all tell me bad password error. but im not sure i believe that the user is constantly entering a bad password. im wondering if a process is entering the bad password for them?
any ideas on what to look at to get to the bottom of this?