Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 278
  • Last Modified:

User lockout in Active Directory Windows 2003

We have 2 users that get repeatedly locked out.  One of them has the issue multiple times per week and sometimes twice in the same day.  We have not been able to track it down.  We are not sure what additional logging we should be doing to identify this.  Most often the lockout occurs when this user is not accessing our network.

We have confirmed that all settings in their iPhone and iPad are correct.  We have also deleted entries on the iPhone and iPad an recreated them. This is not the only user with iPhone and iPad in our organization.
0
Polyfil
Asked:
Polyfil
  • 3
  • 3
  • 2
  • +1
1 Solution
 
AmitIT ArchitectCommented:
Here is MS tool
http://www.microsoft.com/en-us/download/details.aspx?id=18465
More to read here
http://msexchangeguru.com/2012/03/08/ad-lockout/

normally, if non of this works, i just rename the account. Goto Account tab in AD and change it from user to user1 that is the last remedy.
0
 
PolyfilAuthor Commented:
Power Shell support is not available in Exchange 2003.
0
 
Pramod UbheCommented:
Alockoutstatus.exe can give you the details from which dc it is locking out and you can check for that perticular security log on that dc for source of bad passwords.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
cbmmCommented:
Enable account lockout policy, when the account gets locked an event will be triggered in the event viewer. This will help in determining what device is causing the issue
0
 
PolyfilAuthor Commented:
We already have that set.  The event we are seeing is only at the point of lockout.  We don't see the bad password event that lead up to the lockout.  We have downloaded the lock out status monitor and it isn't showing the events either.
0
 
AmitIT ArchitectCommented:
I guess use last remedy, rename the account, it won't affect anything. Just goto Account tab and append 1 or whatever is your choice.
0
 
PolyfilAuthor Commented:
Won't that affect the user profile on the desktop?
0
 
cbmmCommented:
Look in the activesync server logs. %windows%\system32\LogFiles\W3SVC1

you can also refer to this locked out account ipad/iphone
0
 
AmitIT ArchitectCommented:
It won't affect user profile, if you have doubt, try out with a test account and check the result.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now