Solved

User lockout in Active Directory Windows 2003

Posted on 2013-01-03
9
257 Views
Last Modified: 2013-01-07
We have 2 users that get repeatedly locked out.  One of them has the issue multiple times per week and sometimes twice in the same day.  We have not been able to track it down.  We are not sure what additional logging we should be doing to identify this.  Most often the lockout occurs when this user is not accessing our network.

We have confirmed that all settings in their iPhone and iPad are correct.  We have also deleted entries on the iPhone and iPad an recreated them. This is not the only user with iPhone and iPad in our organization.
0
Comment
Question by:Polyfil
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 42

Expert Comment

by:Amit
ID: 38739920
Here is MS tool
http://www.microsoft.com/en-us/download/details.aspx?id=18465
More to read here
http://msexchangeguru.com/2012/03/08/ad-lockout/

normally, if non of this works, i just rename the account. Goto Account tab in AD and change it from user to user1 that is the last remedy.
0
 

Author Comment

by:Polyfil
ID: 38740004
Power Shell support is not available in Exchange 2003.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 38740056
Alockoutstatus.exe can give you the details from which dc it is locking out and you can check for that perticular security log on that dc for source of bad passwords.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 10

Expert Comment

by:cbmm
ID: 38740072
Enable account lockout policy, when the account gets locked an event will be triggered in the event viewer. This will help in determining what device is causing the issue
0
 

Author Comment

by:Polyfil
ID: 38740140
We already have that set.  The event we are seeing is only at the point of lockout.  We don't see the bad password event that lead up to the lockout.  We have downloaded the lock out status monitor and it isn't showing the events either.
0
 
LVL 42

Expert Comment

by:Amit
ID: 38740150
I guess use last remedy, rename the account, it won't affect anything. Just goto Account tab and append 1 or whatever is your choice.
0
 

Author Comment

by:Polyfil
ID: 38740166
Won't that affect the user profile on the desktop?
0
 
LVL 10

Expert Comment

by:cbmm
ID: 38740182
Look in the activesync server logs. %windows%\system32\LogFiles\W3SVC1

you can also refer to this locked out account ipad/iphone
0
 
LVL 42

Accepted Solution

by:
Amit earned 500 total points
ID: 38740193
It won't affect user profile, if you have doubt, try out with a test account and check the result.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question