?
Solved

User lockout in Active Directory Windows 2003

Posted on 2013-01-03
9
Medium Priority
?
272 Views
Last Modified: 2013-01-07
We have 2 users that get repeatedly locked out.  One of them has the issue multiple times per week and sometimes twice in the same day.  We have not been able to track it down.  We are not sure what additional logging we should be doing to identify this.  Most often the lockout occurs when this user is not accessing our network.

We have confirmed that all settings in their iPhone and iPad are correct.  We have also deleted entries on the iPhone and iPad an recreated them. This is not the only user with iPhone and iPad in our organization.
0
Comment
Question by:Polyfil
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 44

Expert Comment

by:Amit
ID: 38739920
Here is MS tool
http://www.microsoft.com/en-us/download/details.aspx?id=18465
More to read here
http://msexchangeguru.com/2012/03/08/ad-lockout/

normally, if non of this works, i just rename the account. Goto Account tab in AD and change it from user to user1 that is the last remedy.
0
 

Author Comment

by:Polyfil
ID: 38740004
Power Shell support is not available in Exchange 2003.
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 38740056
Alockoutstatus.exe can give you the details from which dc it is locking out and you can check for that perticular security log on that dc for source of bad passwords.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 10

Expert Comment

by:cbmm
ID: 38740072
Enable account lockout policy, when the account gets locked an event will be triggered in the event viewer. This will help in determining what device is causing the issue
0
 

Author Comment

by:Polyfil
ID: 38740140
We already have that set.  The event we are seeing is only at the point of lockout.  We don't see the bad password event that lead up to the lockout.  We have downloaded the lock out status monitor and it isn't showing the events either.
0
 
LVL 44

Expert Comment

by:Amit
ID: 38740150
I guess use last remedy, rename the account, it won't affect anything. Just goto Account tab and append 1 or whatever is your choice.
0
 

Author Comment

by:Polyfil
ID: 38740166
Won't that affect the user profile on the desktop?
0
 
LVL 10

Expert Comment

by:cbmm
ID: 38740182
Look in the activesync server logs. %windows%\system32\LogFiles\W3SVC1

you can also refer to this locked out account ipad/iphone
0
 
LVL 44

Accepted Solution

by:
Amit earned 1000 total points
ID: 38740193
It won't affect user profile, if you have doubt, try out with a test account and check the result.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses
Course of the Month10 days, 16 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question