Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 279
  • Last Modified:

User lockout in Active Directory Windows 2003

We have 2 users that get repeatedly locked out.  One of them has the issue multiple times per week and sometimes twice in the same day.  We have not been able to track it down.  We are not sure what additional logging we should be doing to identify this.  Most often the lockout occurs when this user is not accessing our network.

We have confirmed that all settings in their iPhone and iPad are correct.  We have also deleted entries on the iPhone and iPad an recreated them. This is not the only user with iPhone and iPad in our organization.
0
Polyfil
Asked:
Polyfil
  • 3
  • 3
  • 2
  • +1
1 Solution
 
AmitIT ArchitectCommented:
Here is MS tool
http://www.microsoft.com/en-us/download/details.aspx?id=18465
More to read here
http://msexchangeguru.com/2012/03/08/ad-lockout/

normally, if non of this works, i just rename the account. Goto Account tab in AD and change it from user to user1 that is the last remedy.
0
 
PolyfilAuthor Commented:
Power Shell support is not available in Exchange 2003.
0
 
Pramod UbheCommented:
Alockoutstatus.exe can give you the details from which dc it is locking out and you can check for that perticular security log on that dc for source of bad passwords.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
cbmmCommented:
Enable account lockout policy, when the account gets locked an event will be triggered in the event viewer. This will help in determining what device is causing the issue
0
 
PolyfilAuthor Commented:
We already have that set.  The event we are seeing is only at the point of lockout.  We don't see the bad password event that lead up to the lockout.  We have downloaded the lock out status monitor and it isn't showing the events either.
0
 
AmitIT ArchitectCommented:
I guess use last remedy, rename the account, it won't affect anything. Just goto Account tab and append 1 or whatever is your choice.
0
 
PolyfilAuthor Commented:
Won't that affect the user profile on the desktop?
0
 
cbmmCommented:
Look in the activesync server logs. %windows%\system32\LogFiles\W3SVC1

you can also refer to this locked out account ipad/iphone
0
 
AmitIT ArchitectCommented:
It won't affect user profile, if you have doubt, try out with a test account and check the result.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now