rdefino
asked on
AD account getting locked out everyday
We set our lockout in AD to 10, then it caused a ton of problems so we set it back to 0 till we can get things under control.
But I have a user that is being locked out by a 2008 server 2-3 times a day.
I check the policy on the server and the lockout is set to 0.
so I cannot understand why the account is still being locked out.
Any thoughts
But I have a user that is being locked out by a 2008 server 2-3 times a day.
I check the policy on the server and the lockout is set to 0.
so I cannot understand why the account is still being locked out.
Any thoughts
ASKER
It is an ad account and I already used eventcomb to see what system is locking it out. It's the 2008 that I mentioned in the post.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
What roles does the box have? As well as services are there any schedulde tasks that are running as the user?
ASKER
Is there and app that I can use to track what application is causing the lockout on a system?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If its a local account then remember that the default domain policy will over-ride the local computer policy. Use the group policy modelling wizard (in the Group Policy Management console) or the results wizard to check the effective policies.
You really need to track down whats locking out the accounts. Have you downloaded the tools from here:-
http://technet.microsoft.com/en-us/library/cc738772(v=ws.10).aspx
and checked the security logs on the domain controller(s) for failed audit requests. It can be many things, smart phones trying to sync, AD passwords saved in the password store, logons left