Hello Team,

could you any one tell me what would be the best way to resolve account lockout issue for ad account.

We have around 34 domain controllers running on windows server 2008 R2 OS, on daily basis we are getting alert/incident

for account lockout. I have tried below solution but it would not reaching right way.

• Usees tool account lockout and  EventCombMT.exe for finding the machine which is responsible for account lockout
• run ALockout.dll. on client's computer to determine a process or application that is sending wrong credentials.
• Unmap and remap all the network drives connected on user pc, delete cached credentials by using command : rundll32.exe keymgr.dll,KRShowKeyMgr.
• Check for any external devices (ex phones) with an application configured to use ad-one credentials.

Hi Triyambak,

The process you're using looks to be fine, so I'm surprised you've having troubles locating the source of the lockout.

One other area you might want to check is the Credential Manager located in the Control Panel. In here, you can specify specific credentials to be used when accessing network resources, which if not kept up to date can cause issues.

Also, if you use the OWA, ActiveSync and/or Outlook Anywhere features of Exchange, you might want to double-check the results you pulled with EventCombMT to verify if your publishing server (i.e. TMG, CAS) features as the calling workstation. This will at least help you understand if the problem is even coming from an internal resource or the customer has simply forgotten about an additional external resource.

I say this because I've experienced a lot of instances where the person swears they have changed all their password, but then you remind them about tablets and home computers and then they realise they did in fact miss something. Knowing to look in your the detail of your lockout events for the publishing server is actually quite important these days.

Cheers,
Lain