Azure domain controller issue

Hi Experts

I have a customer who his admin account is being locked from AD very random. After checking all security logs, more specifically for 4740 events, we can identify the source of the locked accounts appears to be a domain controller in Azure. My client has a hybrid AD-Azure and Office 365- Exchange 2010.



Any ideas on why the 4740 event is logged in a DC in Azure? My client has closed all RDP sessions from the domain, and even the dc in Azure, but his admin account keeps being locked very random, and the source of the locked account is the 2 DCs in Azure



Any ideas on how to resolve this issue?



Please, provide instructions step by step to resolve the issues, and an explanation on why the DC in Azure seems to be the source of the locked account?
Jerry SeinfieldAsked:
Who is Participating?
 
Ganesamoorthy STech LeadCommented:
enable netlogon logs on source Domain Controller in Azure to locate the affending IP

http://www.windowstricks.in/2016/06/account-lockout-caller-computer-name-blank-cisco-workstation-domain-controller.html
0
 
Jerry SeinfieldAuthor Commented:
is this applicable for Windows server 2012 R2 domain controllers in Azure and on Premises?
0
 
Ganesamoorthy STech LeadCommented:
Yes, it's applicable for Domain controllers in in Azure and on Premises
0
 
Jerry SeinfieldAuthor Commented:
All good
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.