User's email account locks up three times a day.

This issue was reported to me by Helpdesk. I have no experience with Exchange, but only with AD management. I was wondering if the email account is locked, does that mean his Windows AD account is locked? If I unlock his AD account, does that unlock his Exchange email account?

How do I fix the issue where the user's account keep locking out? How would I look at audit logs, or check PCs or network shares he may be connected to? See attached screenshot about his AD account, seems interesting to me. Has anyone ever seen this (image attached)? If so, how can I fix this?
2015-01-16-16-10-44.png
joukiejoukAsked:
Who is Participating?
 
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
Exchange uses the active directory account for authentication. So if your AD account is locked out then so I your Exchange Mailbox.

Unlocking your AD account will allow access to your mailbox again.

Something that can lock an account out are...
-logged into other machines with applications open and they change there password.
-network drives that have cached passwords
-service accounts or scheduled tasks that have cached user passwords
-smart phones where the password is cached and the user update to a new password

From my experience this is usually caused by the user logged into another machine other than their own, and forgetting to log off or close applications. Another one that is common is smart phone email access because you have to have the password cached on the phone.

A great tool to use and I would highly recommend is AD Audit Plus.

AD Audit Plus


Will.
0
 
joukiejoukAuthor Commented:
Also, it would be nice if someone can recommend a tool that can track this. Perhaps a tool that will reduce the leg work.
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
Security Event Log should show the attempts. Devices are sometimes logged with it, in any case you get a timestamp and might be able to narrow down based on that.
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
joukiejoukAuthor Commented:
How do I find out what machines the user may have a session on? How do i troubleshoot if there is a network session the user might have open?
0
 
joukiejoukAuthor Commented:
Also, the unlock account option is grayed out. Why is this? I cannot unlock his account.
0
 
Praveen Kumar BonalaConnect With a Mentor Programmer AnalystCommented:
I am agreeing with willszymkowski,
Account lockout tool from Microsoft will help you in this regards, this tool assist you to find where user account get locked and from which  DC user get locked. Following link explains you more about this tool
http://www.microsoft.com/en-us/download/details.aspx?id=18465
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
Download and install AD Audit Plus. As soon as you install this and point it to your security logs on the Domain Controllers it will tell you exactly what computer/device it is being locked out on.

Once you know what machine it is, it is pretty easy from there to figure out why it is being locked out.

Will.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.