Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Active directory account lock every time

Posted on 2010-11-15
11
Medium Priority
?
837 Views
Last Modified: 2012-06-21
Hi all,

I am on a domain 2003, DC are in standard version and SP2, and i have an issue about one account. This account is lock sometimes whitout (human) logon failure. I search in security logs but nothing i don't find lock log and logon failure.

Can you help me?
0
Comment
Question by:makanzore
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 3

Expert Comment

by:ketelhuis
ID: 34135062
Did you check all DCs event logs?
0
 

Author Comment

by:makanzore
ID: 34135105
I checked all dc in site
0
 
LVL 6

Expert Comment

by:ipajones
ID: 34135126
Does the user of this account have a mobile device with access to emails ?
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
LVL 2

Expert Comment

by:sudheendra2001
ID: 34135135
remove the paasword lockout policy and check. Beacuse if you have any password lock out policy and if he saved his password in any software and changed his password then this kind of problem will come.

In my case i saved my password in one toolbar then my account was locking every often.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34135171
You need to be looking for Netlogon errors. DNS sounds like it is causing the issue. Check the PC and make sure it is using the correct ip addresses for DNS resolution.
0
 
LVL 24

Accepted Solution

by:
Awinish earned 2000 total points
ID: 34135261
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 34135630
Use the Account Lockout Status tool from microsoft to see which Server requested that the account is locked. Then check the Security log for details of that account which is being locked.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7&displaylang=en
0
 

Author Comment

by:makanzore
ID: 34136511
No account have no mobile device and mailbox, it is a services account
I can't remove policy i am on production, and password didn't change and no body change it
I can't install any application on DC, so i try Account Lockout Status tool from my desktop and i have no result when i chose select target (with correct account)
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34136957
Did you use netwrix tool?
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 34137809
Want to try using the acctinfo.dll? to get more details about the account

Account Lockout and Management Tools
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

View Additional User Information in AD Users and Computers
http://www.petri.co.il/view_additional_user_information_in_aduc.htm
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34137857
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the adminiā€¦

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question