• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 65
  • Last Modified:

Domain account lockout

Occasionally, a single domain user account will lock out. The user is not logged in anywhere else as far as I can tell. I can unlock the account in ADUC, but the account will quickly relock itself as if a bad password were being tried multiple times. In order to resolve this, I have been restarting the Microsoft Exchange Active Directory Topology service on the domain controller. This prevents the continued lockout issue for this one user. Is there anything I should be looking at on this account specifically to prevent this from happening in the future? I've already had the user reset his domain password, and I don't suspect that his account is being brute-forced. Is there any explanation as to why restarting the AD Topology service fixes this issue? Is this a known issue and/or is there a permanent fix for this problem that I can implement on an SBS 2011 Standard server?
0
OAC Technology
Asked:
OAC Technology
2 Solutions
 
Dirk MareSystems Engineer (Acting IT Manager)Commented:
Seeing that you are restarting exchange services to "resolve" the issue, check the user computer for stored credentials and delete all credentials MSEXCHANGE. .

DirkMare
0
 
Felicia KingCommented:
I would enable Netlogon debug logging and then look through the logs for 6A events which are bad password. Looking at that event as well as surrounding events will tell you exactly what is causing the account lockout.
http://www.eventid.net/display-eventid-4776-source-Microsoft-Windows-Security-Auditing-eventno-10736-phase-1.htm

https://support.microsoft.com/en-us/kb/109626
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now