Hello Swan Htet Aung,
Thank you for posting on the Microsoft Community Forum.
What do the banned accounts have in common in the problems you encountered? After the account is locked, determine which domain controller the account is locked on:
a. Please note that the account will only be locked on one domain, and then the locking action will be replicated to other domains as an emergency.
b. Download and install LockoutStatus.exe on any machine in the domain: Download Account Lockout Status (LockoutStatus.exe) from Official Microsoft Download Center
c. You may refer to the document "How to use the LockoutStatus.exe Tool" at http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx
d. Double-click on the tool, click File -> select target, enter the username and domain information, and click OK. You can see that the user on all DCs in the domain is being sent the wrong password for authentication.
If you find the wrong password verification on both the PDC and the ordinary DC, it means that the wrong password verification may be performed on the normal domain controller, and then sent to the PDC for confirmation.
In this case, we need the security logs of the normal domain controller.
- Then go to the corresponding DC to check the security logs: 4740 (account lockout), 4771 (Kerberos verification), 4776 (NTLM verification) and other logs for analysis.
4. Use log analysis to find out why your account is locked, and then adjust the environment based on the cause to solve the problem.
Best Regards,
Neuvi Jiang
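
The log analysis described in the reply above, as an added example that is not part of the original post: it correlates 4740, 4771 and 4776 events for one user and counts which workstation or IP address is sending the wrong password. It assumes the DC security events were exported to XML under a single `<Events>` root element; the host names, user names and addresses in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Field naming the origin of the attempt (in 4740, TargetDomainName holds the caller computer).
SOURCE_FIELD = {"4740": "TargetDomainName", "4771": "IpAddress", "4776": "Workstation"}
# Status values that mean "wrong password" in the two authentication events.
BAD_PASSWORD = {"4771": "0x18", "4776": "0xc000006a"}

def parse_events(xml_text):
    """Yield (event_id, reporting_dc, data_fields) for every <Event> in the export."""
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        system = ev.find("e:System", NS)
        data = {d.get("Name"): (d.text or "")
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        yield (system.findtext("e:EventID", namespaces=NS),
               system.findtext("e:Computer", namespaces=NS), data)

def lockout_sources(xml_text, user):
    """Return (Counter of bad-password sources, list of (dc, caller) lockouts) for user."""
    bad, lockouts = Counter(), []
    for eid, dc, data in parse_events(xml_text):
        if eid not in SOURCE_FIELD or data.get("TargetUserName", "").lower() != user.lower():
            continue
        source = data.get(SOURCE_FIELD[eid], "").replace("::ffff:", "") or "(blank)"
        if eid == "4740":
            lockouts.append((dc, source))
        elif data.get("Status", "").lower() == BAD_PASSWORD[eid]:
            bad[(eid, source)] += 1
    return bad, lockouts

def _ev(eid, dc, **data):  # helper that builds one constructed sample event
    fields = "".join(f"<Data Name='{k}'>{v}</Data>" for k, v in data.items())
    return (f"<Event xmlns='{NS['e']}'><System><EventID>{eid}</EventID>"
            f"<Computer>{dc}</Computer></System><EventData>{fields}</EventData></Event>")

# Constructed sample export: two DCs, one noisy workstation, one unrelated user.
SAMPLE = "<Events>" + "".join([
    _ev(4776, "DC02.example.test", TargetUserName="jdoe", Workstation="WKS-017", Status="0xC000006A"),
    _ev(4776, "DC02.example.test", TargetUserName="jdoe", Workstation="WKS-017", Status="0xC000006A"),
    _ev(4771, "DC01.example.test", TargetUserName="jdoe", IpAddress="::ffff:10.0.0.23", Status="0x18"),
    _ev(4771, "DC01.example.test", TargetUserName="asmith", IpAddress="::ffff:10.0.0.40", Status="0x18"),
    _ev(4776, "DC02.example.test", TargetUserName="jdoe", Workstation="WKS-017", Status="0x0"),
    _ev(4740, "DC01.example.test", TargetUserName="jdoe", TargetDomainName="WKS-017"),
]) + "</Events>"

if __name__ == "__main__":
    bad, lockouts = lockout_sources(SAMPLE, "jdoe")
    print(bad.most_common(), lockouts)
```

The source with the highest count is the machine to inspect first for stale saved credentials, mapped drives, services or scheduled tasks running under the locked account.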