Solved

I have a user that keeps getting locked out of Active Directory 2008 R2

Posted on 2013-11-30
Last Modified: 2013-12-20
I have a user that we recently required to change her password. She has an iPhone and an iPad along with her laptop. After several days of making her change she continues to get locked out. Is there a way for me to trace what device is locking her? It sounds like her old password is still trying to connect somewhere, even though she swears she changed it in all the devices she has. I have been onto our DC and tried searching for her user name in the Event Viewer, but have not had success. Where can I search to find out if she is actually being locked out by Active Directory and, if possible, which device or IP address the login attempts are coming from?

thanks
Question by:Thor2923

Expert Comment

by:Ram Balachandran
ID: 39687179
There are several methods to fix this. Please refer to the existing solution from EE itself:
>>>>> CLICK HERE

Expert Comment

by:arnold
ID: 39687755
There is an account lockout tool from MS that will search through the event log on all your DCs.

What is your environment? Do you have Exchange, remote access to email, Terminal Server? Did the user recently change her password?
VPN

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39687811
If a user ID is getting frequently locked out, use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon, then examine the security log of that domain controller to determine the member server or workstation it is occurring on. You can then check scheduled tasks/services to nail it down, or log the user out of the system identified if logged in. On the DC, check the security log: event ID 644 (Win2003) or 4740 (Win2k8) will occur if the account is getting locked. Open the event and check the caller machine.

Note: If event ID 644/4740 has not occurred, this means that the user account management policy is not configured in the audit policy.

Does the user involved have a smartphone or some kind of mobile device using AD credentials for connecting (like Exchange)? If it fails to connect 3 times (depending on your GPOs), it locks his account. Have a look at all his stuff using his user account automatically, especially his mobile (90% of the time guilty).

Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

Download the accountlockout tools and management pack to help resolve the issue.
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx


You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541

There may be many other causes for account lockout.
• user's account in stored user name and passwords
• user's account tied to persistent mapped drive
• user's account as a service account
• user's account used as an IIS application pool identity
• user's account tied to a scheduled task
• un-suspending a virtual machine after a user's pw has changed
• A SMARTPHONE!!!

For more, refer to the KB article: http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx
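The event 4740 check described in the accepted solution can be scripted across all domain controllers. This is an added example, not code from the thread or from any poster; the account name `jdoe` and the three-day window are placeholders, and it assumes the ActiveDirectory module is available and that user account management auditing is enabled.

```powershell
# Added example: collect lockout events (ID 4740) for one account from every DC
# and report the "Caller Computer Name" recorded in each event.
Import-Module ActiveDirectory

$User  = 'jdoe'                    # placeholder sAMAccountName of the locked-out user
$Since = (Get-Date).AddDays(-3)    # placeholder look-back window

# Filter on the DC side: event 4740 whose TargetUserName is the locked account.
$xpath = "*[System[(EventID=4740)] and EventData[Data[@Name='TargetUserName']='$User']]"

$lockouts = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $events = Get-WinEvent -ComputerName $dc.HostName -LogName Security `
                               -FilterXPath $xpath -ErrorAction Stop
    } catch {
        # Raised when the DC is unreachable, access is denied, or no events match.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        continue
    }

    foreach ($evt in $events) {
        if ($evt.TimeCreated -lt $Since) { continue }

        # Read the named EventData fields from the event XML.
        $data = @{}
        foreach ($node in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$node.GetAttribute('Name')] = $node.InnerText
        }

        New-Object PSObject -Property @{
            Time           = $evt.TimeCreated
            LoggedOnDC     = $dc.HostName
            Account        = $data['TargetUserName']
            # In event 4740 the caller computer name is stored in TargetDomainName.
            CallerComputer = $data['TargetDomainName']
        }
    }
}

# Timeline of lockouts, then a count per caller to show the most frequent source.
$lockouts | Sort-Object Time |
    Format-Table Time, LoggedOnDC, Account, CallerComputer -AutoSize
$lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name
```

For a phone syncing mail, the caller recorded is typically the server the device authenticates through rather than the handset itself, so that server's own logs are the next place to look.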

Expert Comment

by:VirastaR
ID: 39688231
Hi,

Check this; I guess this will be of additional help

Account Lockout in Windows 2008 R2

Hope that helps :)

Author Comment

by:Thor2923
ID: 39689735
Sorry, I was away for the weekend... Yes, the user recently changed her password and has at least 3 "I devices" such as an iPhone and iPad. She has checked to make sure her password was reset in all of them but is still having the issue. I will try the lockout tools suggested.

Expert Comment

by:arnold
ID: 39689792
Have the user make sure she did not save her credentials on her system to access.
Control keymgr.dll
Does your environment include a Terminal server where the user has an old active session?