Solved

I have user that keeps getting locked out of Active Directory 2008r2

Posted on 2013-11-30
6
2,769 Views
1 Endorsement
Last Modified: 2013-12-20
I have a user that we recently required to change her password. She has an IPHONE, IPAD along with her laptop. After several days of making her change she continues to get locked out. Is there a way for me to trace what device is locking her? It sounds like her old password is still trying to connect somewhere, even though she swears she changed it in all the devices she has. I have been onto our DC and tried searching for her user name in the event viewer, but not had success. Where can I search to find out if she is actually being locked out by active directory and if possible which device or IP address the login attempts are coming from

thanks
1
Comment
Question by:Thor2923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39687179
There are several methods to fix this. Please refer existing solution from EE itself :
>>>>> CLICK HERE
l
0
 
LVL 78

Expert Comment

by:arnold
ID: 39687755
There is an account lockout tool from MS. that will search through the event log on all your DCs.

What is your environment have Exchange, remote access to email, Terminal server? Did the user recently change her password?
VPN
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39687811
If user id is getting frequently locked out use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon then examine the security log of that domain controller to determine the member server or workstatuion it is occuring on. You can then check scheduled tasks/services to nail down or log user out of the system identified if logged in.On th DC check the security log event id 644(Win2003) or 4740(Win2k8) will occur if the account is getting locked.Open the event and check the caller Machine.

Note:If the event id 644/4740 has not occured then this mean that in audit policy user account management policy is not configured.

Does user involved has a smartphone or some kind of mobile device using AD credentials for connecting (like exchange), if it fails to connect 3 times (depending on your GPO's), it locks his account.Have a look on all his stuff using his user account automatically, specially his mobile (90% of the time guilty).

Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

Download the accountlockout tools and management pack to help resolve the issue.
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx


You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541

There may be many other causes for account locked out.
•user's account in stored user name and passwords
•user's account tied to persistent mapped drive
•user's account as a service account
•user's account used as an IIS application pool identity
•user's account tied to a scheduled task
•un-suspending a virtual machine after a user's pw as changed
•A SMARTPHONE!!!

For more refer KB article:http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 9

Expert Comment

by:VirastaR
ID: 39688231
Hi,

Check this I guess this will be of additional help

Account Lockout in Windows 2008 R2

Hope that helps :)
0
 
LVL 1

Author Comment

by:Thor2923
ID: 39689735
sorry, I was away for the weekend...yes the user recently changed her password and has at least 3 "I devices" such as an IPHONE and IPAD. she has checked to make sure her password was reset in all of them but still having the issue. I will try to lockout tools suggested
0
 
LVL 78

Expert Comment

by:arnold
ID: 39689792
Have the user make sure she did not save her credentials on her system to access.
Control keymgr.dll
Does your environment include a Terminal server where the user has an old active session?
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question