AD account locking for one user

Hi,

I have windows 2008 server with exchange 2010. One user account is getting locked continuously. If I change the password and try to login to OWA/ Outlook, it says password incorrect. If I check the account, it says the account is locked. Tried several times to unlock, but keeps on locking. The user is left the company and there is no system in his name.

How to find out from where the login request coming from, so that we can track and disable that request.
Thanks
kolathaya123Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Here are some suggestions:

1.  Turn off all mobile devices the user might be using (mail configured will disable the account)
2.  Check user's PC to ensure there are no mapped drives using saved credentials
3.  Go to Control Panel, Credential Manager and delete save credentials
4.  Reboot, reset account and try again

Below is a good read:

http://social.technet.microsoft.com/Forums/windows/en-US/ced8eab6-87e2-4d20-9d18-7aaf5e9713a3/windows-7-clear-cached-credentials?forum=w7itpronetworking
0
kolathaya123Author Commented:
We found the system and now the system is off. and the account is not locking out
But still unable to login to owa/outlook. Getting msg password is wrong. We tried disabling and enabling the ad account, but still the same issue. Something strange. Only for this user
0
andrewcamaryCommented:
Please take a look into Account Lockout.Status tool available from Microsoft that can be a good approach to troubleshoot account lockout issue in your environment. It helps to diagnosis the root-cause and provide appropriate solution to resolve the issue in quick attempt. To gather more info, please checkout this : http://social.technet.microsoft.com/wiki/contents/articles/4585.account-locked-out-troubleshooting-eventcombmt.aspx
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

kolathaya123Author Commented:
as per my above post, now the account is not locking out. We checked this using the tool, But still unable to login to OWA/Outlook etc
0
Mohammed KhawajaManager - Infrastructure:  Information TechnologyCommented:
Check AD user properties and see what password age is set to.  Have you tried IISRESET on the web server.
0
kolathaya123Author Commented:
For all other users there is no issue. Only for one user the issue
0
SandeshdubeySenior Server EngineerCommented:
On thee DC check the security log event id 644(Win2003) or 4740(Win2k8) will occur if the account is getting locked. Open the event and check the caller Machine.If the event id 644/4740 has not occurred then this mean that in audit policy user account management policy is not configured.Configure the same and check if the events are occurring.

There may be many causes for account locked out.
•user's account in stored user name and passwords
•user's account tied to persistent mapped drive
•user's account as a service account
•user's account used as an IIS application pool identity
•user's account tied to a scheduled task
•un-suspending a virtual machine after a user's pw as changed
•A SMARTPHONE!!!

Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

In Exchange management Shell run this:
Get-ActiveSyncDeviceStatistics -Mailbox username
This is going to return all the devices the user is using right now and past devices which have established connection with Exchange at least once.

Hope this helps
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.