Skip to main content

Troubleshoting Account ID Locked in Windows AD Domain Environment

I am pretty sure this issue occurred to almost all Wintel or Service Desk Engineers - User came to us, make a report saying that his or her ID was locked, and he or she did not know why (or did they?).



Nevertheless, I have compiled on how I checked and resolved this issue in my environment, hopefully it will help yours too.


Issues :

 Troubleshooting Account Locked

Troubleshooting 
  1.  Download Account Lockout and Management Tools from here.

  2. Get it extracted.

  3. Launch LockoutStatus.exe

  4. Go to File | Select Target...

  5. Put in target user name, domain, and if needed alternate domain admin credential. Press OK once done.

  6. Collecting data...


  7. In here, we can see a few important info such as the DC names, ID state, bad password count, last bad password, etc etc. This is the example of ID locked by a single DC (usually PDC emulator).


    This is the example of the ID locked by 2 different DC (PDC emulator and another DC).

Resolution :
  1.  Take note on the time when the ID locked (column locked Time). Right click at on the DC, and click at Manage

  2.  Computer Management console of that DC launched. navigate to Security log, and choose to filter the log

  3. Configure the filter as below, then press OK.

    Logged :     from when till when - make sure the the locked time is within this timeline. I will just leave it as default.

    Event ID : 4771
  4.  The log will be filtered accordingly.

  5.  At (nomally) exact locked time, you can see an event logged with below info 
  6. Focus on Network Information portion. It will list which device is giving the problem based on IP address.

  7.  Depending on account lockout threshold, you may see authentication failure events logged for the same user. In my case, the same event logged for 3 times.

  8.  Now we narrowed down to which machine, we should by now can guess why it locked. If there is disconnected session at that machine, kill it. If the user set an application to authenticate using his/her ID, then change the password / use service ID.
Reference 
Labels:

Comments

Post a Comment

Popular posts from this blog

Microsoft Assessment and Planning (MAP) Toolkit - Extract Report (3/4)

As mentioned in  the first post , this KB series is about Microsoft Assessment and Planning (MAP) Toolkit. There are 4 main steps : Install MAP Toolkit and its basic configuration Collect inventory Data  Extract Report Extract Advanced Report Once inventory data collected, we can generate reports. From the inventory data collected earlier, we can use options in the toolkit to generate the report. For this example, we re going to discover Windows 10 Readiness This KB is about  how to generate report from collected inventory data. At Overview page, select the targeted scenario category. In this example, it is Desktop . At this page, select specific scenario that we after. In this example, it is Windows 10 Readiness.     It is possible to customize assessment properties. The properties will set the threshold of the assessment, such as, threshold for minimum CPU speed, acceptable free disk, as well as minimum assigned RAM. To do so, s...
Post a Comment
Read more

Microsoft Assessment and Planning (MAP) Toolkit - Collect Inventory Data (2/4)

As mentioned in  previous post , this KB series is about Microsoft Assessment and Planning (MAP) Toolkit. There are 4 main steps : Install MAP Toolkit and its basic configuration Collect inventory Data  Extract Report Extract Advanced Report Before we could generate a report, we need to collect inventory data. There are a few options, such as Windows computers, Linux computers, computers on VMware, Active Devices and users, etc. For this example, we re going to discover Windows Computers within a specific IP ranges. This KB is about  how to collect inventory data. At Overviews section, select Perform an inventory For this testing, let’s select Microsoft computers, and select Next For this testing, we will discover devices via IP range. Select scan an IP address range, and select Next Specify range if IPs, and select Next To discover and connect to the machines, we need to provide user account(s) that have permission to do so. Select ...
Post a Comment
Read more

Microsoft Assessment and Planning (MAP) Toolkit - Overview

Microsoft created a  toolkit called Microsoft Assessment and Planning Toolkit that helps IT to discover current infrastructure for variety of migration projects.  This tool kit covers below scenarios : Windows computers Linux/UNIX computers VMware computers Active Directory and Users Exchange Servers Endpoint Protection Server Lync Server Softwre ID (SWID) tags SQL Server SQL Server with Database Details Microsoft Azure Platform Migration Oracle Windows Volume Licensing Client Access Tracking for Windows Server 2012 or Later Client Access Tracking for SQL Server 2012 or later Client Access Tracking for Configuration Manager Client Access Tracking for SharePoint Server 2016 Client Access Tracking for Remote Desktop Services … and IT Admins can use below methods to discover the machines. Use Active Directory Domain Service (AD DS) Use Windows networking protocols Use System Center Configuration Manager (SCCM) Scan an IP Address range Manually enter...
Post a Comment
Read more