Solved

Account Lockout AD

Posted on 2011-09-29
Last Modified: 2012-06-21
I have a user in the organization whose account is getting locked a minimum of 15 to 20 times a day.

We are getting irritated unlocking his account every day.

Can anyone suggest a solution and the best tool to check the issue, please?


Question by:Babcy
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 36816112
Microsoft makes some tools that can help; links to the tools are in this article:

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Is it only one user that is having this issue?

Thanks

Mike
0
 
LVL 70

Accepted Solution

by:
KCTS earned 200 total points
ID: 36816127
0
 
LVL 4

Assisted Solution

by:tflai
tflai earned 50 total points
ID: 36816154
The user is probably logged on to another machine with expired credentials. See if you can find out if that is the case.
0
 

Author Comment

by:Babcy
ID: 36816290
Guys

I am currently using the AL tool.exe to unlock every time.

And the Netwrix tool is not working in my network.
0
 
LVL 13

Assisted Solution

by:Govvy
Govvy earned 50 total points
ID: 36816434
Use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon, then examine the security log of that domain controller to determine the member server or workstation it is occurring on. You can then check scheduled tasks/services to nail it down, or log the user out of the system identified if logged in.
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 100 total points
ID: 36890059
You can run a query on your security logs on AD to show you what computer is trying to use it.  This would most likely give you a very good hint if it was a server holding a single role.

You could do something simple in PowerShell to get some raw data parsed out easily:

$Logs = Get-EventLog "Security" | ?{$_.[column you choose].Contains("Administrator")}
e.g.
# UserName is the event-entry property that holds the account; it can be empty, so test it first
$Logs = Get-EventLog "Security" | ?{$_.UserName -and $_.UserName.Contains("Administrator")}

Try that and see if that works. You must use whatever account in the "quotes" that you're trying to look for. I'm assuming the name of the account is Administrator, but obviously that could change. Remember to run this on your domain controller.

Reference: http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/01/hey-scripting-guy-how-can-i-read-from-windows-event-logs-with-windows-powershell-2-0.aspx
0
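
An added example, not part of any answer in this thread: one way to carry out the security-log check described in the answers above, listing which computer each lockout of one account came from. It assumes the domain controller runs Windows Server 2008 or later, where a lockout is logged as event ID 4740; `DC01` and `jdoe` are placeholder names.

```powershell
# Added example. DC01 and jdoe are placeholders, not values from the thread.
param(
    [string]$DomainController = 'DC01',  # the DC that recorded the lockout
    [string]$Account = 'jdoe',           # the account that keeps locking
    [int]$Days = 7
)

# Assumption: Windows Server 2008 or later, where a lockout is event ID 4740.
$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddDays(-$Days)
}

try {
    $found = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction Stop
} catch {
    # Get-WinEvent raises an error when nothing matches; treat that as "no events".
    if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { $found = @() } else { throw }
}

$lockouts = foreach ($e in $found) {
    # Read the fields by name from the event XML rather than by position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data['TargetUserName'] -ne $Account) { continue }
    New-Object PSObject -Property @{
        Time           = $e.TimeCreated
        Account        = $data['TargetUserName']
        # In event 4740 the TargetDomainName field holds the caller computer name.
        CallerComputer = $data['TargetDomainName']
    }
}

if (-not $lockouts) {
    Write-Output "No lockouts for $Account on $DomainController in the last $Days days."
    return
}

# Lockouts per source computer, busiest first.
$lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name

# Latest events, to line up with scheduled tasks or services on that computer.
$lockouts | Sort-Object Time -Descending |
    Select-Object -First 10 Time, Account, CallerComputer
```

Reading a remote Security log needs an account with rights to that log on the domain controller.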
 

Author Closing Comment

by:Babcy
ID: 36951317
Thanks All
0
