Solved

User's email account locks up three times a day.

Posted on 2015-01-16
7
152 Views
Last Modified: 2015-01-20
This issue was reported to me by Helpdesk. I have no experience with Exchange, but only with AD management. I was wondering if the email account is locked, does that mean his Windows AD account is locked? If I unlock his AD account, does that unlock his Exchange email account?

How do I fix the issue where the user's account keep locking out? How would I look at audit logs, or check PCs or network shares he may be connected to? See attached screenshot about his AD account, seems interesting to me. Has anyone ever seen this (image attached)? If so, how can I fix this?
2015-01-16-16-10-44.png
0
Comment
Question by:joukiejouk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 

Author Comment

by:joukiejouk
ID: 40554895
Also, it would be nice if someone can recommend a tool that can track this. Perhaps a tool that will reduce the leg work.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 300 total points
ID: 40555032
Exchange uses the active directory account for authentication. So if your AD account is locked out then so I your Exchange Mailbox.

Unlocking your AD account will allow access to your mailbox again.

Something that can lock an account out are...
-logged into other machines with applications open and they change there password.
-network drives that have cached passwords
-service accounts or scheduled tasks that have cached user passwords
-smart phones where the password is cached and the user update to a new password

From my experience this is usually caused by the user logged into another machine other than their own, and forgetting to log off or close applications. Another one that is common is smart phone email access because you have to have the password cached on the phone.

A great tool to use and I would highly recommend is AD Audit Plus.

AD Audit Plus


Will.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 40555329
Security Event Log should show the attempts. Devices are sometimes logged with it, in any case you get a timestamp and might be able to narrow down based on that.
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 

Author Comment

by:joukiejouk
ID: 40555803
How do I find out what machines the user may have a session on? How do i troubleshoot if there is a network session the user might have open?
0
 

Author Comment

by:joukiejouk
ID: 40555883
Also, the unlock account option is grayed out. Why is this? I cannot unlock his account.
0
 
LVL 4

Assisted Solution

by:Praveen Kumar Bonala
Praveen Kumar Bonala earned 200 total points
ID: 40558843
I am agreeing with willszymkowski,
Account lockout tool from Microsoft will help you in this regards, this tool assist you to find where user account get locked and from which  DC user get locked. Following link explains you more about this tool
http://www.microsoft.com/en-us/download/details.aspx?id=18465
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40558848
Download and install AD Audit Plus. As soon as you install this and point it to your security logs on the Domain Controllers it will tell you exactly what computer/device it is being locked out on.

Once you know what machine it is, it is pretty easy from there to figure out why it is being locked out.

Will.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question