AD USER keeps geting Locked

Dear Experts,

I have very critical issue. One user in my org keeps get his AD account locked every 2 minutes. I have downloaded the ALTools.exe run this and it shows  on different DC in org that bad password. I loged on one of DC and dig this further using AD_administration Center and ADSIEIDT utility. i can see badpwdcount 5 or 10 ?
please help me to fix this problem bcz user is Application Analyst and has lots of project and application to work every day.

Regards
Asif
Asif NaeemSr. System Administrator ( Wintel & UNIX (AIX) Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NVITEnd-user supportCommented:
One possibility... A scheduled task run as that account, with an expired password. Note that the task may exist on a different machine, not necessarily on the  server.
Don S.Commented:
This usually happens after a password change, its usually a computer left logged in somewhere with a screen saver locked, or outlook up and running or a scheduled task - all with the old password.  It can even be a phone continually trying to connect using the old password.
Spike99On-Site IT TechnicianCommented:
More than likely, this is caused by the user changing his password recently.  Did he change his password recently?  If so, I would look for any logged on sessions that preceded that password change.  For example, if he logged on to Server A last week and has Outlook or some other app running that requires authentication and then changed his password today on Server B, his disconnected session on Server A would try to authenticate with the previous password and continually lock him out.

Or, if he has a smart phone or iPad configured with email, I would make sure he has changed the passwords on those devices as well.
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Asif NaeemSr. System Administrator ( Wintel & UNIX (AIX) Author Commented:
Hello experts,

I am sorry non of the above applies I  have already checked possible reason at the end put request on forum. we have multiple server in org and few in data center. one of my idiot colleague has decommission  one server Data center after this it start causing problem
is it there any way I can check at what   and many machine  user logged in. may be  it will help to fix the problem.

Regards
Will SzymkowskiSenior Solution ArchitectCommented:
A lot of apps guys will use there own password for services or scheduled tasks. I would check that. I would also recommend that you download a free trial of Active Directory Auditor by Lepide software and this will tell you exactly what machine the account is being locked out on.

Active Directory Auditor by Lepide Software.
http://www.lepide.com/lepideauditor/active-directory-change-tracking.html

Will.
Asif NaeemSr. System Administrator ( Wintel & UNIX (AIX) Author Commented:
Hi Will,

Thanks Was really expecting your response I will check this will will post the update on it.

Regards
Asif
SirtenKenCommented:
I don't suppose you've looked at the security logs on the domain controllers?

https://support.microsoft.com/en-us/kb/977519 has all the Security ID definitions.
You're looking for event 4740, account lockout
Asif NaeemSr. System Administrator ( Wintel & UNIX (AIX) Author Commented:
Hi,

After spending hours on this found it was due to DNS entry DC. which was decomission.
so changed it and since it is working fine.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Asif NaeemSr. System Administrator ( Wintel & UNIX (AIX) Author Commented:
It is was due to wrong DNS entry in all DC server which was showing DNS entry of decommissioned server
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.