• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 952
  • Last Modified:

Active directory account lock out

Hi,

One of my active directory account gets locked out frequently. How to know what is causing the account lock out.

--Thanks
0
NetworkAdmin24
Asked:
NetworkAdmin24
  • 5
  • 3
  • 2
1 Solution
 
Mike KlineCommented:
Start with the steps here

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

They have links to the account lockout and management tools.  If it is only one account then it is most likely using an old password somewhere.

Thanks

Mike
0
 
NetworkAdmin24Author Commented:
Hi mkline71,

I dont want to do any changes on the active directory, is there a tool where it shows which domain controller has locked the account and what is the source for the account lockout.

--Thanks
0
 
Mike KlineCommented:
You should not need to change AD, look at the tools in that article and there are other tools

http://www.netwrix.com/account_lockout_examiner.html

There could be a service for example or an old cached password for that account somewhere.

Thanks

Mike
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
NetworkAdmin24Author Commented:
Have tried the netwrix application to find out from where the account is frequently getting locked.

But the domain controller is not showing any reasons.

please advise

---Thanks
0
 
gurdeep1302Commented:
Hi,

The account getting locked is possible related to CONFICKER virus on that particular machine or the user profile infected with virus.
Try the following step:-

1.Figure out if one client machine / user or multiple machine / users are getting locked out.
2.Run a full virus scan in the network in off production hours
3.Check if all the machines are updated with latest windows update
4.Try the following KB -- http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

Hope this helps !!!!!
0
 
gurdeep1302Commented:
Hi,

Try the following article as well http://support.microsoft.com/kb/824209
This tool will help you to figure out which machine is send the bad password and locking out the account.Most of the times the cached credentials send the bad machine password and causing the machine to lockout as the result of which you encounter failure event 529 in the security audit log.

Hope this helps !!!!
0
 
Mike KlineCommented:
If it is just one account it is most likely not conficker.

Thanks

Mike
0
 
NetworkAdmin24Author Commented:
Hi,

The account lock is for only ine account in the entire domain.

Also did try to use the tools mentioned above, which file will hold the results for the search in the output directory.

--Thanks
0
 
NetworkAdmin24Author Commented:
Have tried to search for last three days by setting the date range, how ever when i select the search
option and set the date for last three days. I am getting message saying no logs to search.

Please advise.

---Thanks
0
 
NetworkAdmin24Author Commented:
eventcombmt.exe is also not able to pick up any logs of the account log out. have run the exe as soon as i was able to see the account was locked out from active directory users and computers.

Any suggestions to resolve the issue.

--Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now