Solved

Account Lockout

Posted on 2014-04-04
12
26 Views
Last Modified: 2016-06-03
I have random users at random times that are getting locked out. I used the TechNet tool "LockOutStatus" to figure out that the originating lockout DC is in one particular site. That site has our Exchange server. I am thinking that a device like a tablet or phone is locking the device.

I used OWA to remove any unknown device from their account. The problem is still happening.

Is there a way to find out what computer or device is locking the AD account?
0
Question by:eMarketer75
12 Comments
 
LVL 17

Expert Comment

by:Brad Bouchard
I don't know about finding the device, but turn off ActiveSync for all users in Exchange and then see if these accounts get locked out again.  If they don't, then your suspicion is true.
0
 
LVL 10

Expert Comment

by:tmoore1962
Probably a device is attempting to connect to their OWA account and failing.
Try following the instructions in this article to log Exchange login failures.
http://technet.microsoft.com/en-us/magazine/ff381463.aspx
0
 

Author Comment

by:eMarketer75
I can't disable ActiveSync at the moment.
0
 

Author Comment

by:eMarketer75
I will try to enable auditing on the Exchange servers.  Thank you guys for the suggestions.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
Have you implemented any GPO in your organization?
0
 

Expert Comment

by:CodnameBlack
Yes, it is likely a device that is locking the account out.  I would remove all devices for the users' ActiveSync, and have them re-add the account.
0
 

Author Comment

by:eMarketer75
@Md. Mojahid

Not in a few months.
0
 

Author Comment

by:eMarketer75
I looked at the security logs on our DCs for event 4740 and found that the account was getting locked by a web server. I'm not sure why, but we are looking into it.
0
 

Author Comment

by:eMarketer75
Also, we are having the same problems with another domain. It's part of a different forest. Can AD replication cause this?
0
 
LVL 17

Expert Comment

by:Brad Bouchard
Should have if it's in a different domain, even in the same Forest.
0
 

Accepted Solution

by:
eMarketer75 earned 0 total points
I found out what the problem was. It seems that my problem has been related to different things, such as users logging in to our internal sites with wrong passwords, users that have Mail (Mac) configured and never changed the client with the new password, and administrators logging into servers and never logging out.

To fix the problem with administrators, I set a GP to kill any session that has been disconnected for longer than an hour.

I also configured a task to run on all my DCs that will alert me when a user gets locked out. That helped me identify the problem. The link is below for anyone else that has this problem.

http://www.gavinwill.me.uk/2012/08/automatic-notification-for-active-directory-account-lockouts/
0
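
The check the accepted solution describes (reading event 4740 from the DC Security logs to find the machine behind a lockout), as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module, read access to the DCs' Security logs, and a 24-hour look-back window chosen for illustration.

```powershell
# Added example: list recent account lockouts (event 4740) from every DC,
# together with the "Caller Computer Name" that sent the bad passwords.
Import-Module ActiveDirectory

$since = (Get-Date).AddHours(-24)   # assumed look-back window

$lockouts = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $events = Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4740
            StartTime = $since
        }
    }
    catch {
        # Get-WinEvent throws when nothing matches; unreachable DCs land here too.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        continue
    }

    foreach ($e in $events) {
        # Read EventData by field name instead of by position.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }

        [pscustomobject]@{
            Time           = $e.TimeCreated
            DC             = $dc.HostName
            LockedAccount  = $data['TargetUserName']
            # In event 4740 the caller computer name is stored in TargetDomainName.
            CallerComputer = $data['TargetDomainName']
        }
    }
}

# Timeline of lockouts
$lockouts | Sort-Object Time | Format-Table -AutoSize

# Source machines ranked by number of lockouts they caused
$lockouts | Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name
```

A single source machine at the top of the second table across many accounts, such as the web server found in this thread, points at an application or stale saved credential on that host rather than at the individual users.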
