Account Lockout AD

I have a user in the Organization, where his account is getting Locked minimum 15 to 20 times a day

we are getting irritated unlocking his account everyday

Can any one suggest a solution and best tool to check the issue please ?


BabcyAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
Mike KlineConnect With a Mentor Commented:
Microsoft makes some tools that can help, links to tools in this article

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Is it only one user that is having this issue?

Thanks

Mike
0
 
tflaiConnect With a Mentor Commented:
The user is probably logged on to another machines with expired credential.  See if you can out if that is the case.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 
BabcyAuthor Commented:
Guys

i am currently using the AL tool.exe to unlock every time

And the Netwrix tool is not working in my Network
0
 
GovvyConnect With a Mentor Commented:
Use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon then examine the security log of that domain controller to determine the member server or workstatuion it is occuring on. You can then check scheduled tasks/services to nail down or log user out of the system identified if logged in
0
 
SandeshdubeyConnect With a Mentor Senior Server EngineerCommented:
You can run a query on your security logs on AD to show you what computer is trying to use it.  This would most likely give you a very good hint if it was a server holding a single role.

You could do something simple in powershell to get some raw data parsed out easily:

$Logs = get-eventlog "Security" | ?{$_.[column you choose].contains("Administrator")}
e.g
$Logs = get-eventlog "Security" | ?{$_.user.tostring().contains("Administrator")}

Try that and see if that works. You must use whatever account in the "quotes" that you're trying to look for.  I'm assuming the name of the account in administrator, but obviously that could change.Remember to run this on your domain controller.

Refernce:http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/01/hey-scripting-guy-how-can-i-read-from-windows-event-logs-with-windows-powershell-2-0.aspx
0
 
BabcyAuthor Commented:
Thanks All
0
All Courses

From novice to tech pro — start learning today.