Account lockout Account lockout is the most common issue in windows environment, I will discuss about the frequent

account lock out issues and how to troubleshoot frequent account lockout issue

In a windows 2000/2003 domain environment if the password and account lockout policy enabled, then according to the lock out policy if the user wrongly type the password for more then 3 or 5 times, account will be lockout It should be unlocked automatically another 30 min (depending on account lockout policy) for the frequent account lockout issue, follow the below account lockout troubleshoot steps Use the below procedure for troubleshoot frequent account lockout issue Login to any of member server and using DSQUERY command to find the complete DN of the lockout Account Syntex: dsquery user name username Example: dsquery user -name testuser "CN=testuser,OU=Test,DC=test,DC=com" Login to any one of Domain controller and using replmon utility and using the Full CN name, find the B server which has finally authenticated the Lockout of the User Account. In replmon right click the server and select the Show attribute meta-data for active directory object copy the DN of the user then click OK

Or

Login to any one of Domain controller and use the below command to find the lockout time attribute change Syntex:

Repadmin /showmeta user DN Example:

Repadmin /showmeta "CN=testuser,OU=Test,DC=test,DC=com"

This will show the Meta data of the users, you can find the lockout time attribute change, from which Domain controller this attribute is changed, note the Domain controller name. Or use the below command with find Repadmin /showmeta "CN=testuser,OU=Test,DC=test,DC=com" | find /i "lockout time" Login to the Domain controller and use the dumpel command to extract the latest events, or check event viewer manually on the DC

Dumpel -f c:\lockoutevents.txt -s test001 -l security -m security -e 6 44 642 529 539 Dump successfully completed.

Check the lockoutevents.txt file for the affected user; you will be able to find the account lockout event, you able to find the system from which the account has been lockout Causes: Check if your user ID is being used to start/stop some services on affected system Check your user ID is being logging on to multiple computers Check any application using your old password on affected system Check Any Persistent drive mappings using your old password Check for TS session with old password You can also use Microsoft ALTools to troubleshoot account lockouts