Account lockout is the most common issue in windows environment, I will discuss about the frequent account lock out issues and how to troubleshoot frequent account lockout issue
In a windows 2000/2003 domain environment if the password and account lockout policy enabled, then according to the lock out policy if the user wrongly type the password for more then 3 or 5 times, account will be lockout
It should be unlocked automatically another 30 min (depending on account lockout policy) for the frequent account lockout issue, follow the below account lockout troubleshoot steps
dsquery user –name username
dsquery user -name testuser
Login to any one of Domain controller and using replmon utility and using the Full CN name, find the B server which has finally authenticated the Lockout of the User Account.
In replmon right click the server and select the “Show attribute meta-data for active directory object” copy the DN of the user then click OK
Login to any one of Domain controller and use the below command to find the “lockout time” attribute change
Repadmin /showmeta “user DN”
Repadmin /showmeta “CN=testuser,OU=Test,DC=test,DC=com”
This will show the Meta data of the users, you can find the “lockout time” attribute change, from which Domain controller this attribute is changed, note the Domain controller name.
Or use the below command with find
Repadmin /showmeta “CN=testuser,OU=Test,DC=test,DC=com” | find /i “lockout time”
Login to the Domain controller and use the dumpel command to extract the latest events, or check event viewer manually on the DC
Dumpel -f c:lockoutevents.txt -s test001 -l security -m security -e 6
44 642 529 539
Dump successfully completed.
Check the lockoutevents.txt file for the affected user; you will be able to find the account lockout event, you able to find the system from which the account has been lockout
• Check if your user ID is being used to start/stop some services on affected system
• Check your user ID is being logging on to multiple computers
• Check any application using your old password on affected system
• Check Any Persistent drive mappings using your old password
• Check for TS session with old password
You can also use Microsoft ALTools to troubleshoot account lockouts