user accout always looked after seconds

Hi Experts,

I have a serious problem with one user account.
This account is locked in AD.
This happens always in some minutes.
The AD is win2008.
It happens also when the machine is not logged in to the domain.
Do you have any ideas to find out why its locked ?
Eprs_AdminSystem ArchitectAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Eprs_AdminSystem ArchitectAuthor Commented:
ok I have seen just to one DC we have this problem.
Access denied.
Eprs_AdminSystem ArchitectAuthor Commented:
how to find out which service is causing it ?
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

Eprs_AdminSystem ArchitectAuthor Commented:
this tools will not help me...
Eprs_AdminSystem ArchitectAuthor Commented:
the kerkeros service always fails with error event ID: 4771
And the error code is : 0x12

This happens just to one user in our domain.
Eprs_AdminSystem ArchitectAuthor Commented:
also when the machine is offline, the gets locked after some minutes.
very strange
There may be many causes for account locked out.
•      user's account in stored user name and passwords
•      user's account tied to persistent mapped drive
•      user's account as a service account
•      user's account used as an IIS application pool identity
•      user's account tied to a scheduled task
•      un-suspending a virtual machine after a user's pw as changed
•      Mobile devices

Also check some useful links :

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
From most cases that i have delt with locked out accounts (several account lockouts) are due to user accounts acting as service accounts or users logged into other workstations/servers with disconnected sessions or Outlook opened on a workstation where it is asking for a password because the user has recently changed his/her password.

You can also use a tool called AD Audit Plus which will give you all of the information you need to see when/where/why the account is being locked out.

Not free software but they do have a fully featured free trial.
AD Audit Plus -

This can be caused by a mobile device attempting to connect to sync mail. Had this happen multiple times in a Microsoft Exchange environment.
Eprs_AdminSystem ArchitectAuthor Commented:
strange is it happens to more people in our organization.
Eprs_AdminSystem ArchitectAuthor Commented:
ok now we disabled the accounts and recreated them.
There was no other way.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.