AD Users account locked frequently?

Anonymous
2024-02-29T07:11:06+00:00

We have some issues regarding with AD users account locked frequently and every day. We did many ways and also deployed update patch and zero-day patch. But it didn't solve totally. May I know how to solve the user account locked issues?

Windows for business | Windows Server | Directory services | Active Directory

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Anonymous
    2024-03-01T06:48:20+00:00

    Hello Swan Htet Aung,

    Thank you for posting on the Microsoft Community Forum.

    What do the banned accounts have in common in the problems you encountered? After the account is locked, determine which domain controller the account is locked on:

    a. Please note that the account will only be locked on one domain, and then the locking action will be replicated to other domains as an emergency.

    b. Download and install the lockoutstatus.exe on any machine in the domain: Download Account Lockout Status (LockoutStatus.exe) from Official Microsoft Download Center

    c. You may refer to the document: "How to use the LockoutStatus.exe Tool" in http://technet.microsoft.com/en-us/library/cc738772 (WS.10) .aspx

    d. Double-click on the tool, click File -> select target, enter the username and domain information, and click OK. You can see that the user on all DCs in the domain is being sent the wrong password for authentication.

    If you find the wrong password verification on both the PDC and the ordinary DC, it means that the wrong password verification may be performed on the normal domain controller, and then sent to the PDC for confirmation.

    In this case, we need the security logs of the normal domain controller.

    1. Then go to the corresponding DC to check the security logs, 4740 (account lockout), 4771 (Kerberos verification), 4776 (NTLM verification) and other logs for analysis.

    4.Use log analysis to find out why your account is locked, and then adjust the environment based on the cause to solve the problem.

    Best Regards,

    Neuvi Jiang

    0 comments No comments