Solved

Active directory account lock every time

Posted on 2010-11-15
11
830 Views
Last Modified: 2012-06-21
Hi all,

I am on a domain 2003, DC are in standard version and SP2, and i have an issue about one account. This account is lock sometimes whitout (human) logon failure. I search in security logs but nothing i don't find lock log and logon failure.

Can you help me?
0
Comment
Question by:makanzore
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 3

Expert Comment

by:ketelhuis
ID: 34135062
Did you check all DCs event logs?
0
 

Author Comment

by:makanzore
ID: 34135105
I checked all dc in site
0
 
LVL 6

Expert Comment

by:ipajones
ID: 34135126
Does the user of this account have a mobile device with access to emails ?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 2

Expert Comment

by:sudheendra2001
ID: 34135135
remove the paasword lockout policy and check. Beacuse if you have any password lock out policy and if he saved his password in any software and changed his password then this kind of problem will come.

In my case i saved my password in one toolbar then my account was locking every often.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 34135171
You need to be looking for Netlogon errors. DNS sounds like it is causing the issue. Check the PC and make sure it is using the correct ip addresses for DNS resolution.
0
 
LVL 24

Accepted Solution

by:
Awinish earned 500 total points
ID: 34135261
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 34135630
Use the Account Lockout Status tool from microsoft to see which Server requested that the account is locked. Then check the Security log for details of that account which is being locked.

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=D1A5ED1D-CD55-4829-A189-99515B0E90F7&displaylang=en
0
 

Author Comment

by:makanzore
ID: 34136511
No account have no mobile device and mailbox, it is a services account
I can't remove policy i am on production, and password didn't change and no body change it
I can't install any application on DC, so i try Account Lockout Status tool from my desktop and i have no result when i chose select target (with correct account)
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34136957
Did you use netwrix tool?
0
 
LVL 26

Expert Comment

by:e_aravind
ID: 34137809
Want to try using the acctinfo.dll? to get more details about the account

Account Lockout and Management Tools
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

View Additional User Information in AD Users and Computers
http://www.petri.co.il/view_additional_user_information_in_aduc.htm
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34137857
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question