A Particular domain user account is locked daily in the same time.Administrator has to unlock the account daily.1. That user account is not used for running any services2. No restrict log on hours is set for that user in the user properties->account tab->log on hrs3. User is not logged on to multiple computerThanks in advance for any help.

To me it would be likely that the specific username is used in a script that is run on that specific time. You state that the user is not used to run any service, but might an unmaintained script be the problem here? Have you used the account lockout tool yet? You might be able to gather more information with that tool.

ok I will use the tool

Hi Rupa1, In addition to Mkleij's suggestion, You can refer to the common troubleshooting steps in the Troubleshooting Account Lockout article http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx. If it does not help, please enable auditing at the domain level for the following events: Account Logon Events Failure Account Management Success Logon Events Failure Best Regards, Wilson Jia This posting is provided "AS IS" with no warranties, and confers no rights.

Hi,> Check for the Audit Logs in Event Viewer of PDC and look for any Failure Audits at the same time. You would get to know the reason and Machine Name from where the request if getting generated.> If it does not help then install Account Lockout Tools and enable Netlogon Logging on PDC. http://support.microsoft.com/kb/109626> Now Unlock the User and let the Logs gather data for a day.> If the User locks out again, it would be logged in the Netlogon.log located in c:\windows\debug\Netlogon.log> ALTools would contain a utility called 'Nlparse'. Run Nlparse and provide Netlogon.log as input.> Parse the Log for 2 Errors -- 0xc000006A and 0xc00000234. You can select other Error codes as well.> Once you have the Parsed Logs, search for these two codes in the Log and you would get to know from which machine the request for Lockout is generated.> It would specify either 'Transitive' or 'Network Logon'. Transitive means the Request is coming VIA different machine. Network Logon would give you exact Machine.> Once you reach the Machine, try to turn it off for a day to see if the Account get locaked or not.> If not then we can check the machine for the problem. May be some Application, Script, Service is using the User's Credentials.Hope the information helps.Revert back with the findings.Thanks,Nitin