Asif Naeem

AD USER keeps getting Locked

Dear Experts,

I have a very critical issue. One user in my org keeps getting his AD account locked every 2 minutes. I have downloaded ALTools.exe and run it, and it shows bad passwords on different DCs in the org. I logged on to one of the DCs and dug into this further using AD Administrative Center and the ADSIEdit utility. I can see badPwdCount 5 or 10?
Please help me fix this problem, because the user is an Application Analyst and has lots of projects and applications to work on every day.

Regards
Asif
NVIT

One possibility... A scheduled task run as that account, with an expired password. Note that the task may exist on a different machine, not necessarily on the server.
This usually happens after a password change; it's usually a computer left logged in somewhere with a screen saver locked, or Outlook up and running, or a scheduled task - all with the old password. It can even be a phone continually trying to connect using the old password.
More than likely, this is caused by the user changing his password recently. Did he change his password recently? If so, I would look for any logged on sessions that preceded that password change. For example, if he logged on to Server A last week and has Outlook or some other app running that requires authentication and then changed his password today on Server B, his disconnected session on Server A would try to authenticate with the previous password and continually lock him out.

Or, if he has a smart phone or iPad configured with email, I would make sure he has changed the passwords on those devices as well.
ASKER

Hello experts,

I am sorry, none of the above applies. I had already checked the possible reasons and in the end put the request on the forum. We have multiple servers in the org and a few in the data center. One of my idiot colleagues decommissioned one server in the data center, and after this it started causing the problem.
Is there any way I can check on which and how many machines the user is logged in? Maybe it will help to fix the problem.

Regards
A lot of apps guys will use their own password for services or scheduled tasks. I would check that. I would also recommend that you download a free trial of Active Directory Auditor by Lepide Software, and this will tell you exactly what machine the account is being locked out on.

Active Directory Auditor by Lepide Software.
http://www.lepide.com/lepideauditor/active-directory-change-tracking.html

Will.
Hi Will,

Thanks. Was really expecting your response. I will check this and will post the update on it.

Regards
Asif
I don't suppose you've looked at the security logs on the domain controllers?

https://support.microsoft.com/en-us/kb/977519 has all the Security ID definitions.
You're looking for event 4740, account lockout
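
One way to pull the 4740 events mentioned above from every domain controller and see which machine the lockouts come from. This is an added example, not part of the original thread: the function name `Get-LockoutSource` and the account name `jdoe` are placeholders, and it assumes the ActiveDirectory module (RSAT) plus rights to read the Security log on each DC.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT)
# and rights to read the Security log on every domain controller.
Import-Module ActiveDirectory

function Get-LockoutSource {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,  # locked-out user, e.g. 'jdoe' (placeholder)
        [int]$Hours = 24                                # how far back to search
    )
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop
        } catch {
            # Raised both for an unreachable DC and for "no events found"; report and move on.
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($e in $events) {
            # Index the EventData fields by name instead of relying on property order.
            $data = @{}
            foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['TargetUserName'] -ne $SamAccountName) { continue }
            [pscustomobject]@{
                TimeCreated    = $e.TimeCreated
                LoggedOnDC     = $e.MachineName
                LockedAccount  = $data['TargetUserName']
                # In event 4740 the "Caller Computer Name" is stored in TargetDomainName.
                CallerComputer = $data['TargetDomainName']
            }
        }
    }
}

# Group by caller to see which machine keeps sending the bad password.
Get-LockoutSource -SamAccountName 'jdoe' -Hours 4 |
    Group-Object CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

The CallerComputer value is the name to chase: check that machine for services, scheduled tasks or sessions still using the old password, as the answers above suggest.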
ASKER CERTIFIED SOLUTION
Asif Naeem
It was due to a wrong DNS entry on all DC servers, which was showing the DNS entry of the decommissioned server.