users are being lock on AD.

This is the second time that users are coming in the morning with their users locked, I unlocked them from AD and they are good to go.

But , I thought first time it was a one time thing, but now it's reoccurring again.

Where can I check why is that happening?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

systechSenior Technical LeadCommented:

Us the Account Lockout tool from MS (ALTools.exe) which should help you to find out the reason.
Jane UpdegraffSr. Systems AdministratorCommented:
you need to go out and get the AD lockout tool from Microsoft or maybe if that one is too unwieldy you might try the one from netwrix here ....

but basically both are going to do the same thing, determine which domain controller processed the last failed login in each case, and the lockout event on that domain controller (look at the time that appears in the tool you chose) those events tell you how the account was locked and from what PC or server. Sometimes it's something simple like a scheduled task that is using an old password but sometimes it means that someone else is trying to login to the network as that user for not so great purposes.
Jane UpdegraffSr. Systems AdministratorCommented:
yup radhakrishnan is correct also. That's actually the one i was trying to link in my first link for the microsoft tool.
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Shaun VermaakTechnical SpecialistCommented:
alonig1Author Commented:
now that I unlocked the users, I can't see anything.

how do I find the cause of the locking.
alonig1Author Commented:
it showed that the DC is locked.
systechSenior Technical LeadCommented:

Did you checked the security event logs? worth to run a virus scan on your DC's and the machines which shows in the tool or in security event logs.
Check for event 4640 on your DC (Windows Server 2012 and newer). That will tell you the workstation or server session (or internet proxy) that locked the account.
E ATech LeadCommented:
Since the account lockout issue could be caused by many factors, such as Programs, Service accounts, Low bad password threshold AD replication and Redundant credentials. Here is an another article to track and troubleshoot User Account Lockouts with this solution. Else, use Account Lockout Status tools from Microsoft.

Is it also possible that the user has his smartphone trying to connect to the network causing this?

Processes on the client computers.

Virus can do that kind of activity.

Another informative article which lets you how to identify the source of Account Lockouts in Active Directory:

You need to start looking for applications/services that might be running using an administrator account. And you could follow the article as below to track down the application/service:

Hope this helps!

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
E ATech LeadCommented:
Please post back if you have any query.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2008

From novice to tech pro — start learning today.