Solved

Why are my AD users are getting locked out of accounts randomly?

Posted on 2015-01-27
8
181 Views
Last Modified: 2015-01-30
I have a AD network at functional level 2008 and (2) DC's currently running Windows Server 2012 R2.  Prior to promoting those servers, my users were getting randomly locked out of AD, so I made the transition to the new domain controllers.  I have not raised the function level as of yet to 2012.  I did implement many of my users with new email hosting (some exchange and some POP/IMAP), it seems to have started around the same time.

My hosted exchange is not integrated into my AD.
0
Comment
Question by:Joe Spradlin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 40572810
I've seen script kiddies "hack" servers, sites, and domains using software that tries to guess passwords for common user names.  Consequently, if you have a user named "paul", and I try to log in as paul, and I fail enough times, I'm going to lock his account.

Another possibility is if a user has changed their password, but not updated any devices that use the old password, this can lead to lock-outs too.  So if I have a phone or tablet that pulls e-mail for me, and it's using an old password, it can lock me out as well.
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40572885
His Exchange is on a different domain.
0
 
LVL 1

Author Comment

by:Joe Spradlin
ID: 40572888
You are correct Mr. Richards.  It is hosted.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 5

Accepted Solution

by:
R. Toby Richards earned 500 total points
ID: 40572899
The only suggestion I have is to dig into the security logs on the DC, and see when, and from what devices users are being locked out.
0
 
LVL 1

Author Comment

by:Joe Spradlin
ID: 40572906
Got ya...I will try that.
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40572982
If you have a log retention product, then that will make the task easier. I use the free version of Splunk, which is pretty slick. While extremely outdated, I use the last version of Splunk 3.x because as of 4.0 you have to pay to get the feature that can e-mail you if certain search criteria can be met. For example, you could receive an e-mail every time a user gets locked out. The older releases of Splunk are here:

http://www.splunk.com/page/previous_releases
0
 
LVL 5

Expert Comment

by:R. Toby Richards
ID: 40572989
Oh, and the Splunk e-mail will attach the associated log in CSV format so that you don't have to go find it on your own.
0
 
LVL 1

Author Comment

by:Joe Spradlin
ID: 40580419
Ok, so what I found out was happening is an application we have that authenticates using AD users was down and the users were logging in several times trying to get into the app.  I have since fixed the issue and now don't seem to have the problem at this time.  Thanks for all the insightful comments.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how to restore single file or folder from Bare Metal backup image of their system. Tutorial shows how to restore files and folders from system backup. Often it is not needed to restore entire system when onl…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

632 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question