Solved

I have user that keeps getting locked out of Active Directory 2008r2

Posted on 2013-11-30
6
2,754 Views
1 Endorsement
Last Modified: 2013-12-20
I have a user that we recently required to change her password. She has an IPHONE, IPAD along with her laptop. After several days of making her change she continues to get locked out. Is there a way for me to trace what device is locking her? It sounds like her old password is still trying to connect somewhere, even though she swears she changed it in all the devices she has. I have been onto our DC and tried searching for her user name in the event viewer, but not had success. Where can I search to find out if she is actually being locked out by active directory and if possible which device or IP address the login attempts are coming from

thanks
1
Comment
Question by:Thor2923
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 14

Expert Comment

by:Ram Balachandran
ID: 39687179
There are several methods to fix this. Please refer existing solution from EE itself :
>>>>> CLICK HERE
l
0
 
LVL 78

Expert Comment

by:arnold
ID: 39687755
There is an account lockout tool from MS. that will search through the event log on all your DCs.

What is your environment have Exchange, remote access to email, Terminal server? Did the user recently change her password?
VPN
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39687811
If user id is getting frequently locked out use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon then examine the security log of that domain controller to determine the member server or workstatuion it is occuring on. You can then check scheduled tasks/services to nail down or log user out of the system identified if logged in.On th DC check the security log event id 644(Win2003) or 4740(Win2k8) will occur if the account is getting locked.Open the event and check the caller Machine.

Note:If the event id 644/4740 has not occured then this mean that in audit policy user account management policy is not configured.

Does user involved has a smartphone or some kind of mobile device using AD credentials for connecting (like exchange), if it fails to connect 3 times (depending on your GPO's), it locks his account.Have a look on all his stuff using his user account automatically, specially his mobile (90% of the time guilty).

Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

Download the accountlockout tools and management pack to help resolve the issue.
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx


You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541

There may be many other causes for account locked out.
•user's account in stored user name and passwords
•user's account tied to persistent mapped drive
•user's account as a service account
•user's account used as an IIS application pool identity
•user's account tied to a scheduled task
•un-suspending a virtual machine after a user's pw as changed
•A SMARTPHONE!!!

For more refer KB article:http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 9

Expert Comment

by:VirastaR
ID: 39688231
Hi,

Check this I guess this will be of additional help

Account Lockout in Windows 2008 R2

Hope that helps :)
0
 
LVL 1

Author Comment

by:Thor2923
ID: 39689735
sorry, I was away for the weekend...yes the user recently changed her password and has at least 3 "I devices" such as an IPHONE and IPAD. she has checked to make sure her password was reset in all of them but still having the issue. I will try to lockout tools suggested
0
 
LVL 78

Expert Comment

by:arnold
ID: 39689792
Have the user make sure she did not save her credentials on her system to access.
Control keymgr.dll
Does your environment include a Terminal server where the user has an old active session?
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question