Why are my AD users are getting locked out of accounts randomly?

I have a AD network at functional level 2008 and (2) DC's currently running Windows Server 2012 R2.  Prior to promoting those servers, my users were getting randomly locked out of AD, so I made the transition to the new domain controllers.  I have not raised the function level as of yet to 2012.  I did implement many of my users with new email hosting (some exchange and some POP/IMAP), it seems to have started around the same time.

My hosted exchange is not integrated into my AD.
LVL 1
Joe SpradlinIT ManagerAsked:
Who is Participating?
 
R. Toby RichardsNetwork AdministratorCommented:
The only suggestion I have is to dig into the security logs on the DC, and see when, and from what devices users are being locked out.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
I've seen script kiddies "hack" servers, sites, and domains using software that tries to guess passwords for common user names.  Consequently, if you have a user named "paul", and I try to log in as paul, and I fail enough times, I'm going to lock his account.

Another possibility is if a user has changed their password, but not updated any devices that use the old password, this can lead to lock-outs too.  So if I have a phone or tablet that pulls e-mail for me, and it's using an old password, it can lock me out as well.
0
 
R. Toby RichardsNetwork AdministratorCommented:
His Exchange is on a different domain.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Joe SpradlinIT ManagerAuthor Commented:
You are correct Mr. Richards.  It is hosted.
0
 
Joe SpradlinIT ManagerAuthor Commented:
Got ya...I will try that.
0
 
R. Toby RichardsNetwork AdministratorCommented:
If you have a log retention product, then that will make the task easier. I use the free version of Splunk, which is pretty slick. While extremely outdated, I use the last version of Splunk 3.x because as of 4.0 you have to pay to get the feature that can e-mail you if certain search criteria can be met. For example, you could receive an e-mail every time a user gets locked out. The older releases of Splunk are here:

http://www.splunk.com/page/previous_releases
0
 
R. Toby RichardsNetwork AdministratorCommented:
Oh, and the Splunk e-mail will attach the associated log in CSV format so that you don't have to go find it on your own.
0
 
Joe SpradlinIT ManagerAuthor Commented:
Ok, so what I found out was happening is an application we have that authenticates using AD users was down and the users were logging in several times trying to get into the app.  I have since fixed the issue and now don't seem to have the problem at this time.  Thanks for all the insightful comments.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.