user accout always looked after seconds

Posted on 2013-10-17
Medium Priority
Last Modified: 2013-10-28
Hi Experts,

I have a serious problem with one user account.
This account is locked in AD.
This happens always in some minutes.
The AD is win2008.
It happens also when the machine is not logged in to the domain.
Do you have any ideas to find out why its locked ?
Question by:Eprs_Admin
LVL 13

Assisted Solution

Alexios earned 500 total points
ID: 39579121

Author Comment

ID: 39579152
ok I have seen just to one DC we have this problem.
Access denied.

Author Comment

ID: 39579169
how to find out which service is causing it ?
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!


Author Comment

ID: 39579171
this tools will not help me...

Author Comment

ID: 39579182
the kerkeros service always fails with error event ID: 4771
And the error code is : 0x12

This happens just to one user in our domain.

Author Comment

ID: 39579311
also when the machine is offline, the gets locked after some minutes.
very strange

Accepted Solution

Pankaj_401 earned 500 total points
ID: 39579684
There may be many causes for account locked out.
•      user's account in stored user name and passwords
•      user's account tied to persistent mapped drive
•      user's account as a service account
•      user's account used as an IIS application pool identity
•      user's account tied to a scheduled task
•      un-suspending a virtual machine after a user's pw as changed
•      Mobile devices

Also check some useful links : http://social.technet.microsoft.com/Forums/windowsserver/en-US/cddbf977-b98f-4783-8226-ebddab54d002/account-lockout?forum=winserverDS
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 500 total points
ID: 39580265
From most cases that i have delt with locked out accounts (several account lockouts) are due to user accounts acting as service accounts or users logged into other workstations/servers with disconnected sessions or Outlook opened on a workstation where it is asking for a password because the user has recently changed his/her password.

You can also use a tool called AD Audit Plus which will give you all of the information you need to see when/where/why the account is being locked out.

Not free software but they do have a fully featured free trial.
AD Audit Plus - http://www.manageengine.com/products/active-directory-audit/


Assisted Solution

big_daddy0690 earned 500 total points
ID: 39581751
This can be caused by a mobile device attempting to connect to sync mail. Had this happen multiple times in a Microsoft Exchange environment.

Author Comment

ID: 39590462
strange is it happens to more people in our organization.

Author Comment

ID: 39604997
ok now we disabled the accounts and recreated them.
There was no other way.

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question