Solved

I have a user that keeps getting locked out of Active Directory 2008 R2

Posted on 2013-11-30
Last Modified: 2013-12-20
I have a user that we recently required to change her password. She has an iPhone and an iPad along with her laptop. After several days of making her change, she continues to get locked out. Is there a way for me to trace what device is locking her? It sounds like her old password is still trying to connect somewhere, even though she swears she changed it in all the devices she has. I have been onto our DC and tried searching for her user name in the event viewer, but have not had success. Where can I search to find out if she is actually being locked out by Active Directory and, if possible, which device or IP address the login attempts are coming from?

thanks
Question by:Thor2923
6 Comments
 

Expert Comment

by:Ram Balachandran
ID: 39687179
There are several methods to fix this. Please refer to the existing solution from EE itself:
>>>>> CLICK HERE

Expert Comment

by:arnold
ID: 39687755
There is an account lockout tool from MS that will search through the event log on all your DCs.

What does your environment have: Exchange, remote access to email, Terminal server? Did the user recently change her password?
VPN

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39687811
If the user ID is getting locked out frequently, use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out on, then examine the security log of that domain controller to determine the member server or workstation it is occurring on. You can then check scheduled tasks/services to nail it down, or log the user out of the system identified if logged in. On the DC, check the security log: event ID 644 (Win2003) or 4740 (Win2k8) will occur if the account is getting locked. Open the event and check the Caller Machine.

Note: If event ID 644/4740 has not occurred, this means that the user account management policy is not configured in the audit policy.

Does the user involved have a smartphone or some kind of mobile device using AD credentials for connecting (like Exchange)? If it fails to connect 3 times (depending on your GPOs), it locks his account. Have a look at all his stuff using his user account automatically, especially his mobile (90% of the time guilty).

Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

Download the accountlockout tools and management pack to help resolve the issue.
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx


You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541

There may be many other causes for an account being locked out:
• user's account in stored user names and passwords
• user's account tied to a persistent mapped drive
• user's account used as a service account
• user's account used as an IIS application pool identity
• user's account tied to a scheduled task
• un-suspending a virtual machine after a user's pw has changed
• A SMARTPHONE!!!

For more, refer to the KB article: http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx
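
The event 4740 check described in the accepted solution can be scripted. The following is an added example, not part of the original answer: it reads the caller machine out of 4740 event XML and counts lockouts per source. The function name `Get-LockoutSource`, the user `jsmith`, and the host names `DC01` and `EXCH-CAS01` are constructed for illustration.

```powershell
# Added example. Event 4740 stores the "Caller Computer Name" in the
# TargetDomainName data field; TargetUserName is the locked-out account.
function Get-LockoutSource {
    param(
        [Parameter(Mandatory = $true)][string[]]$EventXml,
        [Parameter(Mandatory = $true)][string]$UserName
    )
    foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        if ($evt.System.EventID -ne '4740') { continue }   # lockout events only

        # Flatten <Data Name="...">value</Data> into a lookup table.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetUserName'] -ne $UserName) { continue }

        New-Object PSObject -Property @{
            Time           = $evt.System.TimeCreated.SystemTime
            User           = $data['TargetUserName']
            CallerComputer = $data['TargetDomainName']
            LoggedOnDC     = $evt.System.Computer
        }
    }
}

# Constructed sample events (trimmed to the fields used above).
$template = '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">' +
    '<System><EventID>4740</EventID><TimeCreated SystemTime="{0}"/>' +
    '<Computer>DC01.example.local</Computer></System>' +
    '<EventData><Data Name="TargetUserName">{1}</Data>' +
    '<Data Name="TargetDomainName">{2}</Data></EventData></Event>'
$sample = @(
    ($template -f '2013-11-29T14:02:11Z', 'jsmith', 'EXCH-CAS01'),
    ($template -f '2013-11-29T14:40:52Z', 'jsmith', 'EXCH-CAS01'),
    ($template -f '2013-11-29T15:01:03Z', 'other.user', 'WKSTN-114')
)

# Count lockouts per caller machine for one user.
Get-LockoutSource -EventXml $sample -UserName 'jsmith' |
    Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name

# Live use, run elevated (DC01 is a placeholder for the DC that LockoutStatus.exe pointed to):
# $xml = Get-WinEvent -ComputerName DC01 -FilterHashtable @{LogName='Security'; Id=4740} |
#     ForEach-Object { $_.ToXml() }
# Get-LockoutSource -EventXml $xml -UserName 'jsmith'
```

If the live query returns nothing, that matches the note in the answer above: the 4740 event is only written when user account management auditing is configured.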

Expert Comment

by:VirastaR
ID: 39688231
Hi,

Check this, I guess this will be of additional help

Account Lockout in Windows 2008 R2

Hope that helps :)

Author Comment

by:Thor2923
ID: 39689735
Sorry, I was away for the weekend... Yes, the user recently changed her password and has at least 3 "i devices" such as an iPhone and iPad. She has checked to make sure her password was reset in all of them but is still having the issue. I will try the lockout tools suggested.

Expert Comment

by:arnold
ID: 39689792
Have the user make sure she did not save her credentials on her system to access.
Control keymgr.dll
Does your environment include a Terminal server where the user has an old active session?