Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Account Lockout AD

Posted on 2011-09-29
7
Medium Priority
?
464 Views
Last Modified: 2012-06-21
I have a user in the Organization, where his account is getting Locked minimum 15 to 20 times a day

we are getting irritated unlocking his account everyday

Can any one suggest a solution and best tool to check the issue please ?


0
Comment
Question by:Babcy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 300 total points
ID: 36816112
Microsoft makes some tools that can help, links to tools in this article

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Is it only one user that is having this issue?

Thanks

Mike
0
 
LVL 70

Accepted Solution

by:
KCTS earned 600 total points
ID: 36816127
0
 
LVL 4

Assisted Solution

by:tflai
tflai earned 150 total points
ID: 36816154
The user is probably logged on to another machines with expired credential.  See if you can out if that is the case.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:Babcy
ID: 36816290
Guys

i am currently using the AL tool.exe to unlock every time

And the Netwrix tool is not working in my Network
0
 
LVL 13

Assisted Solution

by:Govvy
Govvy earned 150 total points
ID: 36816434
Use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon then examine the security log of that domain controller to determine the member server or workstatuion it is occuring on. You can then check scheduled tasks/services to nail down or log user out of the system identified if logged in
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 300 total points
ID: 36890059
You can run a query on your security logs on AD to show you what computer is trying to use it.  This would most likely give you a very good hint if it was a server holding a single role.

You could do something simple in powershell to get some raw data parsed out easily:

$Logs = get-eventlog "Security" | ?{$_.[column you choose].contains("Administrator")}
e.g
$Logs = get-eventlog "Security" | ?{$_.user.tostring().contains("Administrator")}

Try that and see if that works. You must use whatever account in the "quotes" that you're trying to look for.  I'm assuming the name of the account in administrator, but obviously that could change.Remember to run this on your domain controller.

Refernce:http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/01/hey-scripting-guy-how-can-i-read-from-windows-event-logs-with-windows-powershell-2-0.aspx
0
 

Author Closing Comment

by:Babcy
ID: 36951317
Thanks All
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question