AD account getting locked out everyday

Posted on 2012-08-20
Medium Priority
Last Modified: 2012-09-05
We set our lockout in AD to 10, then it caused a ton of problems so we set it back to 0 till we can get things under control.

But I have a user that is being locked out by a 2008 server 2-3 times a day.

I check the policy on the server and the lockout is set to 0.

so I cannot understand why the account is still being locked out.

Any thoughts
Question by:rdefino
  • 3
  • 2
LVL 12

Expert Comment

ID: 38314111
Is it a local server account or an Active Directory account? If its an AD account its the domain controller that locks the account out.

If its a local account then remember that the default domain policy will over-ride the local computer policy. Use the group policy modelling wizard (in the Group Policy Management console) or the results wizard to check the effective policies.

You really need to track down whats locking out the accounts. Have you downloaded the tools from here:-


and checked the security logs on the domain controller(s) for failed audit requests. It can be many things, smart phones trying to sync, AD passwords saved in the password store, logons left

Author Comment

ID: 38314116
It is an ad account and I already used eventcomb to see what system is locking it out. It's the 2008 that I mentioned in the post.
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 38314144
Check to see if there are any services on that box that may be using that account.  You already know what box is the issue.  A network trace may also help out, more on that here



Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

LVL 12

Expert Comment

ID: 38314172
What roles does the box have? As well as services are there any schedulde tasks that are running as the user?

Author Comment

ID: 38343676
Is there and app that I can use to track what application is causing the lockout on a system?
LVL 12

Accepted Solution

Dave earned 600 total points
ID: 38344427
If you can pin it down to a time then you might be ablt to use TCPView (live.sysinternals.com) but if the appplication is using NT Authentication then it could be a kernal process that makes the connection.

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question