Issues with AD Logins

Hi all,

I have 2 helpdesk users working with me. Neither of them is a domain admin. One of them is sometimes unable to unlock any user account, and the problem disappears once he reboots.

Another one, who is logged in to a laptop, iPhone and iPad at the same time, gets his account locked for no reason every few hours. In Outlook he gets a prompt to put in his password, and when I check in ADUC, he is locked.

Any ideas what might be wrong? I checked the login audit but couldn't find any solution.

Exchange User (Systems Administrator) asked:

FOX (Active Directory/Exchange Engineer) commented:
Open up PowerShell as an administrator.
Type import-module ActiveDirectory.
Copy and paste the below at your cursor (at the first login, log in with your domain admin account, e.g. domain\username).

#Set variables
$progress = 0

#Get Admin Credentials
Function Get-Login {
    Write-Host "Please provide admin credentials (for example DOMAIN\admin.user and your password)"
    $Global:Credential = Get-Credential
}

#Get Username to search for (re-prompts until a non-blank, existing logon id is entered)
Function Get-Username {
    $Global:Username = Read-Host "Enter username you want to search for"
    if ([string]::IsNullOrWhiteSpace($Username)) {
        Write-Host "Username cannot be blank, please re-enter username!"
        Get-Username
        return
    }
    #Get-ADUser throws when the identity does not exist, so suppress the error and test for $null
    $UserCheck = Get-ADUser $Username -ErrorAction SilentlyContinue
    if ($UserCheck -eq $null) {
        Write-Host "Invalid username, please verify this is the logon id for the account!"
        Get-Username
    }
}

#Get Computername Prefix for large environments
Function Get-Prefix {
    $Global:Prefix = Read-Host "Enter a prefix of Computernames to search on (CXX*) use * as a wildcard or enter * to search on all computers"
}

#Prompt for credentials, username and prefix before the search starts
Get-Login
Get-Username
Get-Prefix

#Start search (wrap in @() so .Count works even when only one computer matches)
$computers = @(Get-ADComputer -Filter {Enabled -eq 'true' -and SamAccountName -like $Prefix})
$CompCount = $computers.Count
Write-Host "Searching for $Username on $Prefix on $CompCount Computers`n"

#Start main foreach loop, search processes on all computers
foreach ($comp in $computers) {
    $Computer = $comp.Name
    $progress++
    Write-Progress -activity "Working..." -status "Status: $progress of $CompCount Computers checked" -PercentComplete (($progress/$CompCount)*100)
    $Reply = test-connection $Computer -count 1 -quiet
    if ($Reply) {
        if ($Computer -eq $env:COMPUTERNAME) {
            #Get explorer.exe processes without credentials parameter if the query is executed on the localhost
            $proc = gwmi win32_process -ErrorAction SilentlyContinue -computer $Computer -Filter "Name = 'explorer.exe'"
        } else {
            #Get explorer.exe processes with credentials for remote hosts
            $proc = gwmi win32_process -ErrorAction SilentlyContinue -Credential $Credential -computer $Computer -Filter "Name = 'explorer.exe'"
        }
        #If $proc is empty return msg else search collection of processes for username
        if ($proc -eq $null) {
            write-host "Failed to check $Computer!"
        } else {
            ForEach ($p in $proc) {
                #The owner of explorer.exe is the interactively logged-on user
                $temp = ($p.GetOwner()).User
                if ($temp -eq $Username) {
                    write-host "$Username is logged on $Computer"
                }
            }
        }
    }
}
write-host "Search done!"
Stuart (Technical Architect - Cloud) commented:
Try using the account lockout tool from Microsoft; it will show where the lockout is being initiated from so you can troubleshoot -

My gut feeling is that he has a password configured incorrectly on his phone/iPad. If this is the case, the lockout tool will show his lockout being generated from the applicable server that the devices connect to, e.g. the edge transport server.
Exchange User (Systems Administrator), author, commented:

The lockout tool only shows the domain controller on which the account has had a bad password. And I can see that the bad password attempt shows at 2 domain controllers at the same time. So it is definitely 2 devices.
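The lockout tool names only the domain controller that recorded the bad password; the calling computer or IP is in that DC's own Security log. The script below is an added example for this thread (it is not FOX's script or Microsoft's tool) that pulls the lockout event (4740) and the bad-password events (4771 for Kerberos, 4776 for NTLM) for one user from every DC and shows the source of each attempt. It assumes the ActiveDirectory module is installed, that the account running it can read the Security log on each DC, and that the user name passed in is the sAMAccountName; the function and parameter names are mine.

```powershell
# Added example: locate the source of account lockouts from DC Security logs.
# Assumes: ActiveDirectory module, rights to read each DC's Security log,
# and $User is the sAMAccountName of the account being locked.
Import-Module ActiveDirectory

function Get-EventField {
    param($Event, [string]$Name)
    # Read a named EventData field from the event XML so we do not rely on property order
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

function Get-LockoutSource {
    param(
        [Parameter(Mandatory)][string]$User,
        [int]$Hours = 24
    )
    $since = (Get-Date).AddHours(-$Hours)
    $dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

    foreach ($dc in $dcs) {
        # 4740 = account locked out; 4771 = Kerberos pre-auth failed; 4776 = NTLM credential validation
        $filter = @{ LogName = 'Security'; Id = 4740, 4771, 4776; StartTime = $since }
        $events = Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            if ((Get-EventField $e 'TargetUserName') -ne $User) { continue }

            # Where the attempt came from differs per event type
            $source = switch ($e.Id) {
                4740 { Get-EventField $e 'TargetDomainName' }  # caller computer name
                4771 { Get-EventField $e 'IpAddress' }         # client IP (IPv4 shows as ::ffff:a.b.c.d)
                4776 { Get-EventField $e 'Workstation' }       # workstation name, may be blank
            }
            # 4771 Status 0x18 = bad password; 4776 Status 0xC000006A = bad password, 0xC0000234 = locked out
            $status = Get-EventField $e 'Status'

            [pscustomobject]@{
                Time   = $e.TimeCreated
                DC     = $dc
                Id     = $e.Id
                Source = $source
                Status = $status
            }
        }
    }
}

# Usage (the user name is a placeholder):
Get-LockoutSource -User 'helpdesk.user' -Hours 12 | Sort-Object Time | Format-Table -AutoSize
```

Because the PDC emulator is notified of every lockout, 4740 is always written there even when the bad passwords hit other DCs, so its "Source" column alone usually names the device; the 4771/4776 rows from the other DCs show which protocol the device used, which helps tell a mobile mail client from a cached Windows logon.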


Exchange User (Systems Administrator), author, commented:

Can you please tell me what this script does?
Stuart (Technical Architect - Cloud) commented:
You should then be able to see what IP the lockout was initiated from
FOX (Active Directory/Exchange Engineer) commented:
There seems to be a bug in that script
Exchange User (Systems Administrator), author, commented:
Problem is still there.