Why are my AD users are getting locked out of accounts randomly?

I have a AD network at functional level 2008 and (2) DC's currently running Windows Server 2012 R2.  Prior to promoting those servers, my users were getting randomly locked out of AD, so I made the transition to the new domain controllers.  I have not raised the function level as of yet to 2012.  I did implement many of my users with new email hosting (some exchange and some POP/IMAP), it seems to have started around the same time.

My hosted exchange is not integrated into my AD.
LVL 1
Joe SpradlinIT ManagerAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
R. Toby RichardsConnect With a Mentor Network AdministratorCommented:
The only suggestion I have is to dig into the security logs on the DC, and see when, and from what devices users are being locked out.
0
 
Paul MacDonaldDirector, Information SystemsCommented:
I've seen script kiddies "hack" servers, sites, and domains using software that tries to guess passwords for common user names.  Consequently, if you have a user named "paul", and I try to log in as paul, and I fail enough times, I'm going to lock his account.

Another possibility is if a user has changed their password, but not updated any devices that use the old password, this can lead to lock-outs too.  So if I have a phone or tablet that pulls e-mail for me, and it's using an old password, it can lock me out as well.
0
 
R. Toby RichardsNetwork AdministratorCommented:
His Exchange is on a different domain.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
Joe SpradlinIT ManagerAuthor Commented:
You are correct Mr. Richards.  It is hosted.
0
 
Joe SpradlinIT ManagerAuthor Commented:
Got ya...I will try that.
0
 
R. Toby RichardsNetwork AdministratorCommented:
If you have a log retention product, then that will make the task easier. I use the free version of Splunk, which is pretty slick. While extremely outdated, I use the last version of Splunk 3.x because as of 4.0 you have to pay to get the feature that can e-mail you if certain search criteria can be met. For example, you could receive an e-mail every time a user gets locked out. The older releases of Splunk are here:

http://www.splunk.com/page/previous_releases
0
 
R. Toby RichardsNetwork AdministratorCommented:
Oh, and the Splunk e-mail will attach the associated log in CSV format so that you don't have to go find it on your own.
0
 
Joe SpradlinIT ManagerAuthor Commented:
Ok, so what I found out was happening is an application we have that authenticates using AD users was down and the users were logging in several times trying to get into the app.  I have since fixed the issue and now don't seem to have the problem at this time.  Thanks for all the insightful comments.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.