Solved

Account Lockout AD

Posted on 2011-09-29
7
455 Views
Last Modified: 2012-06-21
I have a user in the Organization, where his account is getting Locked minimum 15 to 20 times a day

we are getting irritated unlocking his account everyday

Can any one suggest a solution and best tool to check the issue please ?


0
Comment
Question by:Babcy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 100 total points
ID: 36816112
Microsoft makes some tools that can help, links to tools in this article

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Is it only one user that is having this issue?

Thanks

Mike
0
 
LVL 70

Accepted Solution

by:
KCTS earned 200 total points
ID: 36816127
0
 
LVL 4

Assisted Solution

by:tflai
tflai earned 50 total points
ID: 36816154
The user is probably logged on to another machines with expired credential.  See if you can out if that is the case.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Babcy
ID: 36816290
Guys

i am currently using the AL tool.exe to unlock every time

And the Netwrix tool is not working in my Network
0
 
LVL 13

Assisted Solution

by:Govvy
Govvy earned 50 total points
ID: 36816434
Use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon then examine the security log of that domain controller to determine the member server or workstatuion it is occuring on. You can then check scheduled tasks/services to nail down or log user out of the system identified if logged in
0
 
LVL 24

Assisted Solution

by:Sandeshdubey
Sandeshdubey earned 100 total points
ID: 36890059
You can run a query on your security logs on AD to show you what computer is trying to use it.  This would most likely give you a very good hint if it was a server holding a single role.

You could do something simple in powershell to get some raw data parsed out easily:

$Logs = get-eventlog "Security" | ?{$_.[column you choose].contains("Administrator")}
e.g
$Logs = get-eventlog "Security" | ?{$_.user.tostring().contains("Administrator")}

Try that and see if that works. You must use whatever account in the "quotes" that you're trying to look for.  I'm assuming the name of the account in administrator, but obviously that could change.Remember to run this on your domain controller.

Refernce:http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/01/hey-scripting-guy-how-can-i-read-from-windows-event-logs-with-windows-powershell-2-0.aspx
0
 

Author Closing Comment

by:Babcy
ID: 36951317
Thanks All
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article runs through the process of deploying a single EXE application selectively to a group of user.
A hard and fast method for reducing Active Directory Administrators members.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question