Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

User lockout in Active Directory Windows 2003

Posted on 2013-01-03
9
Medium Priority
?
275 Views
Last Modified: 2013-01-07
We have 2 users that get repeatedly locked out.  One of them has the issue multiple times per week and sometimes twice in the same day.  We have not been able to track it down.  We are not sure what additional logging we should be doing to identify this.  Most often the lockout occurs when this user is not accessing our network.

We have confirmed that all settings in their iPhone and iPad are correct.  We have also deleted entries on the iPhone and iPad an recreated them. This is not the only user with iPhone and iPad in our organization.
0
Comment
Question by:Polyfil
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 38739920
Here is MS tool
http://www.microsoft.com/en-us/download/details.aspx?id=18465
More to read here
http://msexchangeguru.com/2012/03/08/ad-lockout/

normally, if non of this works, i just rename the account. Goto Account tab in AD and change it from user to user1 that is the last remedy.
0
 

Author Comment

by:Polyfil
ID: 38740004
Power Shell support is not available in Exchange 2003.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 38740056
Alockoutstatus.exe can give you the details from which dc it is locking out and you can check for that perticular security log on that dc for source of bad passwords.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 10

Expert Comment

by:cbmm
ID: 38740072
Enable account lockout policy, when the account gets locked an event will be triggered in the event viewer. This will help in determining what device is causing the issue
0
 

Author Comment

by:Polyfil
ID: 38740140
We already have that set.  The event we are seeing is only at the point of lockout.  We don't see the bad password event that lead up to the lockout.  We have downloaded the lock out status monitor and it isn't showing the events either.
0
 
LVL 44

Expert Comment

by:Amit
ID: 38740150
I guess use last remedy, rename the account, it won't affect anything. Just goto Account tab and append 1 or whatever is your choice.
0
 

Author Comment

by:Polyfil
ID: 38740166
Won't that affect the user profile on the desktop?
0
 
LVL 10

Expert Comment

by:cbmm
ID: 38740182
Look in the activesync server logs. %windows%\system32\LogFiles\W3SVC1

you can also refer to this locked out account ipad/iphone
0
 
LVL 44

Accepted Solution

by:
Amit earned 1000 total points
ID: 38740193
It won't affect user profile, if you have doubt, try out with a test account and check the result.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Are you looking for the options available for exporting EDB files to PST? You may be confused as they are different in different Exchange versions. Here, I will discuss some options available.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question