asked on

Account Lockout

I have random users at random time that are getting lockout. I used TechNet tool "LockOutStatus" to figure out that the originating lockout DC is in one particular site. That site has our exchange server. I am thinking that a device like an tablet or phone is locking the device.

I used OWA to remove any uknown device from there account. The problem is still happening.

Is there a way to find out what computer or device is locking the AD account?

Brad Bouchard

I don't know about finding the device, but turn off ActiveSync for all users in Exchange and then see if these accounts get locked out again. If they don't, then your suspicion is true.

tmoore1962

Probably a device is attempting to connect to their owa account and failing.
Trying following instructions in this article to log exchange log in failures.
http://technet.microsoft.com/en-us/magazine/ff381463.aspx.

eMarketer75

ASKER

I can't disable ActiveSync at the moment.

eMarketer75

ASKER

I will try to enable auditing on the exchange servers. Thank you guys for the suggestions.

Md. Mojahid

Have you implement any GPO in your organization.

CodnameBlack

Yes, it is likely a device that is locking the account out. I would remove all devices for the users active sync, and have them re add the account.

eMarketer75

ASKER

@Md, Mojahid

Not in a few months.

eMarketer75

ASKER

I look the security logs on out DCS for even 4740 and found that the account was getting lock by a web server. I'm not sure why, but we are looking into it.

eMarketer75

ASKER

Also we are having the same problems with another domain. its part of a different forest. Can AD replication cause this?

Brad Bouchard

Should have if it's in a different domain, even in the same Forest.

ASKER CERTIFIED SOLUTION

eMarketer75

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial