Server 2012, AD Accounts

Good day,

I am having a problem with my DC accounts. They keep on locking the users out and then I have to unlock the users, so I am not sure what to do. I have been struggling for months now.

Please assist urgently, as this thing irritates the hell out of my seniors when they are locked out.

August 21st, 2015 10:06am

It may help - Troubleshooting account lockout  http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
August 21st, 2015 11:54am

Hello,

Please check the antivirus on the domain controller. If possible, run a full scan on the DC.

August 21st, 2015 12:32pm

Also check the events below, which are common for account lockouts. Run the EventCombMT.exe tool to find the exact root cause and the machine on which your account is getting locked.

Event ID 531 : Account disabled
Event ID 532 : Account expired
Event ID 535 : Password expired
Event ID 539 : Logon Failure: Account locked out
Event ID 644 : User account Locked out
Event ID 4740: A user account was locked out. (Windows 2008 & Windows 7)


Common causes for account lockout

Programs

Service accounts

Bad password threshold is set too low.

User logging on to multiple computers.

Scheduled tasks

Persistent drive mappings

Active Directory Replication

Disconnected Terminal Server Sessions

August 21st, 2015 12:39pm

In the DC security logs, look for event ID 4740 and find the user account in question; this event will record the machine that is locking them out.
August 21st, 2015 3:54pm
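
Added example (not part of any reply in this thread): a PowerShell script for the event ID 4740 lookup described in the reply above. It assumes the ActiveDirectory RSAT module is installed, that the account running it can read the Security log on the PDC emulator (where lockouts are normally also recorded), and a 24-hour look-back window.

```powershell
# Added example: list recent 4740 lockouts with the machine that triggered them.
# Assumptions: ActiveDirectory module available, read access to the Security
# log on the PDC emulator, 24-hour look-back window.
Import-Module ActiveDirectory

$pdc   = (Get-ADDomain).PDCEmulator
$since = (Get-Date).AddDays(-1)

# Get-WinEvent raises an error when nothing matches; silence it so an empty
# result simply produces no rows. Remove -ErrorAction to see access errors.
$events = Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = $since
}

$lockouts = foreach ($e in $events) {
    # Read the event fields by name from the XML rather than by position.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    [pscustomobject]@{
        TimeCreated    = $e.TimeCreated
        User           = $data['TargetUserName']
        # In 4740 the "Caller Computer Name" is stored in TargetDomainName.
        CallerComputer = $data['TargetDomainName']
        LoggedOn       = $e.MachineName
    }
}

# Per-event detail, newest first.
$lockouts | Sort-Object TimeCreated -Descending | Format-Table -AutoSize

# User/machine pairs that repeat point at the system holding a stale password
# (service, scheduled task, mapped drive, disconnected session).
$lockouts | Group-Object User, CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

An empty CallerComputer value means the DC did not record a source machine for that lockout; the Netlogon debug log on the DC is the next place to look.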

From the event logs, you need to identify the source of logon failures. Once done, you need to check what might be wrong with the source system/application. This can help: https://dirteam.com/paul/2012/04/23/user-account-lockout-troubleshooting/
August 22nd, 2015 5:14pm

In case of account lockout, I would suggest you do the following:

First, identify the source from which the bad credentials are being generated. To do that, please create the group policy mentioned below at the domain level:

Audit Account Logon Events - Success and Failure

Audit Logon Events - Success and Failure

Account Management - Success

Then enable Netlogon logging on all the domain controllers. Please refer to the article mentioned below for this.

Enabling debug logging for the Net Logon service: support.microsoft.com/en-us/kb/109626

The above article works for all the o/s.

Let me know once you have done all of the above.

August 22nd, 2015 5:42pm

This topic is archived. No further replies will be accepted.
