Account Lockout AD

I have a user in the Organization, where his account is getting Locked minimum 15 to 20 times a day

we are getting irritated unlocking his account everyday

Can any one suggest a solution and best tool to check the issue please ?


BabcyAsked:
Who is Participating?
 
Brian PiercePhotographerCommented:
0
 
Mike KlineCommented:
Microsoft makes some tools that can help, links to tools in this article

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Is it only one user that is having this issue?

Thanks

Mike
0
 
tflaiCommented:
The user is probably logged on to another machines with expired credential.  See if you can out if that is the case.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
BabcyAuthor Commented:
Guys

i am currently using the AL tool.exe to unlock every time

And the Netwrix tool is not working in my Network
0
 
GovvyCommented:
Use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon then examine the security log of that domain controller to determine the member server or workstatuion it is occuring on. You can then check scheduled tasks/services to nail down or log user out of the system identified if logged in
0
 
SandeshdubeySenior Server EngineerCommented:
You can run a query on your security logs on AD to show you what computer is trying to use it.  This would most likely give you a very good hint if it was a server holding a single role.

You could do something simple in powershell to get some raw data parsed out easily:

$Logs = get-eventlog "Security" | ?{$_.[column you choose].contains("Administrator")}
e.g
$Logs = get-eventlog "Security" | ?{$_.user.tostring().contains("Administrator")}

Try that and see if that works. You must use whatever account in the "quotes" that you're trying to look for.  I'm assuming the name of the account in administrator, but obviously that could change.Remember to run this on your domain controller.

Refernce:http://blogs.technet.com/b/heyscriptingguy/archive/2010/06/01/hey-scripting-guy-how-can-i-read-from-windows-event-logs-with-windows-powershell-2-0.aspx
0
 
BabcyAuthor Commented:
Thanks All
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.