
Domain user locked out

I have a user whose account is intermittently locked out after a recent password change. We are running Windows Server 2008. The user has confirmed configuring his account on his iPhone, iPad, and MacBook Pro, in Mac Mail as well as iCal.

Because this is all happening after a password change, it leads us to believe that it is because we missed a device/program that is left configured with the old credentials.

Is there a utility or log or anything we could use to track ALL of the locations/devices/programs that connect to the server with a username so we can track down the rogue login failure?

Raymond Peng, Systems Engineer

Sandesh Dubey, Technical Lead
Top Expert 2011

Here are two toolsets that can help

It seems that the user involved has a smartphone or some kind of mobile device using AD credentials for connecting (like Exchange). If it fails to connect 3 times (depending on your GPOs), it locks his account.

Have a look at all his stuff using his user account automatically, especially his mobile (90% of the time guilty).


Yeah, we checked his iPhone, iPad, Mac Mail on MacBook Pro, and iCal on MacBook Pro. All were set up with the new credentials, but the Windows logs, from what we could find, didn't provide any detailed info to help us track down the culprit.

Thank you I will check those out.
We have the same problem and we would like to know: can we prevent lockouts by iPad and iPhone when a user changes his password in AD and not on his mobile devices?
Director, Information Systems
Does this happen at a regular interval?  If not, it may be someone using his logon.

Have you turned on Account Logon auditing?  It will return an IP address for the attempt.  That may help you pin down where the logons are coming from.
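
The following is an added example, not part of the thread, showing one way to read the addresses that Account Logon auditing records. It assumes PowerShell 2.0 or later on a domain controller, and `jsmith` and the 24-hour window are placeholder values.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session
# on a domain controller that has Account Logon auditing enabled.
$User  = 'jsmith'   # placeholder: sAMAccountName of the locked-out user
$Hours = 24         # placeholder: how far back to search

# 4740 = account locked out
# 4771 = Kerberos pre-authentication failed (carries the client IP address)
# 4776 = NTLM credential validation (carries the source workstation name)
$filter = @{
    LogName   = 'Security'
    Id        = 4740, 4771, 4776
    StartTime = (Get-Date).AddHours(-$Hours)
}

$hits = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt  = $_
        # Index the event's named data fields by name
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        # Skip other accounts, and skip successful NTLM validations (Status 0x0)
        if ($data['TargetUserName'] -ne $User) { return }
        if ($evt.Id -eq 4776 -and $data['Status'] -eq '0x0') { return }

        # Each event type stores the origin of the attempt in a different field
        switch ($evt.Id) {
            4740 { $source = $data['TargetDomainName'] }   # caller computer name
            4771 { $source = $data['IpAddress'] -replace '^::ffff:', '' }
            4776 { $source = $data['Workstation'] }
        }

        New-Object PSObject -Property @{
            Time    = $evt.TimeCreated
            EventId = $evt.Id
            Source  = $source
            Status  = $data['Status']
        }
    }

# Most frequent sources first
$hits | Group-Object Source | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

Failed attempts are recorded only on the domain controller that handled them, so repeat the query on each DC. If the top source is the mail server, the failing client is behind it and the mail server's own logs are needed to identify the device.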


That's what I needed, thank you!