Hello M.U.F.C,
Thank you for posting in Microsoft Community forum.
Based on the description "I have a issue with user locked out. That's happen to a multiple user's in AD.", have you made any changes before the user accounts were locked out? For example, did you install any KB on any DC or on any domain-joined machines, or change any GPO setting related to cipher suites or TLS/SSL?
Based on the description "If there is a powershell command that will be very helpful for me.", I am afraid there is none; please troubleshoot as below:
1. Check if you can see multiple Event ID 4771 or 4776 entries in the Security log on the DC/PDC.
2. Check if you can see Event ID 4740 in the Security log on the DC/PDC.
3. If these user accounts are not locked out by the same change or the same cause, we may need to check one domain user account first.
4. Find one locked account, and for this domain user account, if you can see Event ID 4771 or 4776 and Event ID 4740 related to this domain account, can you see which machine locked the user account? If so, log on to the machine that locked out this account to try to check the reason.
   • Check Credential Management to see if the user's old credentials are cached (Control Panel)
   • Check whether the network disk is mounted with the wrong password
   • Check if the user started a service with the wrong password, runs scheduled tasks, etc.
   • Are there other third-party programs that cache incorrect passwords for users
I hope the information above is helpful. If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
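
The event checks in steps 1, 2 and 4 can be gathered for one account with a query like the one below. This is an added example, not part of the reply above; the account name `jdoe` and the 24-hour window are assumed sample values, and it must be run elevated on the DC/PDC.

```powershell
# Added example: collect lockout-related events for one account on the DC/PDC.
$User  = 'jdoe'                      # constructed sample account name
$Start = (Get-Date).AddHours(-24)    # assumed look-back window

function Get-EventFields {
    param($Record)
    # Turn the <EventData> name/value pairs of an event into a hashtable.
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    return $fields
}

$filter = @{ LogName = 'Security'; Id = 4740, 4771, 4776; StartTime = $Start }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($rec in $events) {
    $f = Get-EventFields $rec
    if ($f['TargetUserName'] -ne $User) { continue }

    # Each event ID records the originating machine in a different field.
    $source = switch ($rec.Id) {
        4740 { $f['TargetDomainName'] }   # caller computer name of the lockout
        4771 { $f['IpAddress'] }          # client address of the failed Kerberos pre-auth
        4776 { $f['Workstation'] }        # workstation of the failed NTLM validation
    }

    [pscustomobject]@{
        Time   = $rec.TimeCreated
        Id     = $rec.Id
        User   = $f['TargetUserName']
        Source = $source
        Status = $f['Status']             # failure code on 4771/4776; empty on 4740
    }
}

# Chronological view: failed attempts (4771/4776) leading up to the lockout (4740).
$rows | Sort-Object Time | Format-Table -AutoSize

# Which machines generated the most failures for this account.
$rows | Where-Object Id -ne 4740 | Group-Object Source |
    Sort-Object Count -Descending | Select-Object Count, Name
```

The machine that appears most often in the `Source` column is the one to log on to for the checks in step 4.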