My ADS domain account fromA1 DC under theOU called INDIA is getting locked twice a day. As per my finding through evenet logs, this account getting locked from unknown machine (which is not listed inparticular OUB1 DC workstationlist) from B1 DC under OU called PHIL and event logs (event id 681) are getting generated atB1 DC.

Hi Customer, Thanks for posting here. According to your description, I would like to confirm the following information: 1. What's the domain account got locked? 2. Are the Domain Controller A1 and B1 in a same domain? 3. Do you have the detail information about the UNKNOWN MACHINE? Does that machine infect virus? For your information, here is a online article about troubleshoot account lock out. http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx If you did not enable the auditing account management in your default Domain controller GPO. Please follow the below steps to enable it, if you received any error event logs, please let us know word by word. 1. Log on a DC as an administrator. 2. Click start, select Administrative Tools >> Group Policy Management. 3. Launch the GPMC, click the Domain Controller OU. 4. In the right panel, highlight the Default Domain Controller Policy and right click Edit. 5. Navigate to [Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy] 6. In the right Panel, double click the Audit account management. 7. Enable Define these policy settings, tick on Success and Failure, click OK. Best Regards, Wilson JiaThis posting is provided "AS IS" with no warranties, and confers no rights.

Thanks for prompt response. 1. LAN id locked under my domain called APPCA.2. Both the domain controllers are in same domain as OU's are also in same domain called APPACA.3. i caught the unknown machine name in the even log 681 as \\LONAS001but actually this workstation not exist. Tries pinging and tracert as well but no result.All Group policies and Audit policies already enabled.

Hi, Thanks for your reply. You may use Account Lockout and management Tools to help isolate the root cause of this issue. Account Lockout and Management Tools http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en For more information, please refer to: Troubleshooting account lockout problems in Windows Server 2003, in Windows 2000, and in Windows NT 4.0 http://support.microsoft.com/default.aspx?scid=kb;EN-US;315585 User accounts are unexpectedly locked, and event ID 12294 is logged in Windows Server 2003 http://support.microsoft.com/default.aspx?scid=kb;EN-US;887433 Best Regards, Wilson JiaThis posting is provided "AS IS" with no warranties, and confers no rights.