?
Solved

Account Lockout

Posted on 2014-04-04
12
Medium Priority
?
41 Views
Last Modified: 2016-06-03
I have random users at random time that are getting lockout. I used TechNet tool "LockOutStatus" to figure out that the originating lockout DC is in one particular site. That site has our exchange server. I am thinking that a device like an tablet or phone is locking the device.

I used OWA to remove any uknown device from there account. The problem is still happening.

Is there a way to find out what computer or device is locking the AD account?
0
Comment
Question by:eMarketer75
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
12 Comments
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39978567
I don't know about finding the device, but turn off ActiveSync for all users in Exchange and then see if these accounts get locked out again.  If they don't, then your suspicion is true.
0
 
LVL 10

Expert Comment

by:tmoore1962
ID: 39978580
Probably a device is attempting to connect to their owa account and failing.
Trying following instructions in this article to log exchange log in failures.
http://technet.microsoft.com/en-us/magazine/ff381463.aspx.
0
 

Author Comment

by:eMarketer75
ID: 39978592
I can't disable ActiveSync at the moment.
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 

Author Comment

by:eMarketer75
ID: 39978598
I will try to enable auditing on the exchange servers.  Thank you guys for the suggestions.
0
 
LVL 12

Expert Comment

by:Md. Mojahid
ID: 39979877
Have you implement any GPO in your organization.
0
 

Expert Comment

by:CodnameBlack
ID: 39980221
Yes, it is likely a device that is locking the account out.  I would remove all devices for the users active sync, and have them re add the account.
0
 

Author Comment

by:eMarketer75
ID: 39984375
@Md, Mojahid

Not in a few months.
0
 

Author Comment

by:eMarketer75
ID: 39984380
I look the security logs on out DCS for even 4740 and found that the account was getting lock by a web server. I'm not sure why, but we are looking into it.
0
 

Author Comment

by:eMarketer75
ID: 39984387
Also we are having the same problems with another domain. its part of a different forest. Can AD replication cause this?
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39984455
Should have if it's in a different domain, even in the same Forest.
0
 

Accepted Solution

by:
eMarketer75 earned 0 total points
ID: 40004406
I found out what was the problem. It seems that my problem has been related to different things. Such as users logging in our internal sites with wrong passwords, users that have Mail (mac) configured and never changed the client with the new password and administrators logging into servers and never logging out.

To fix the problem with administrators I set a gp to kill any session that have been disconnected for longer than an hour.

I also configured a task to run on all my DCs that will alert me when a users gets lockout. That help me identify the problem. The link is bellow for anyone else that has this problem.

http://www.gavinwill.me.uk/2012/08/automatic-notification-for-active-directory-account-lockouts/
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question