
Troubleshooting Account ID Locked in Windows AD Domain Environment

I am pretty sure this issue has occurred to almost all Wintel or Service Desk Engineers - a user comes to us and reports that his or her ID is locked, and he or she does not know why (or do they?).



Nevertheless, I have compiled how I checked and resolved this issue in my environment; hopefully it will help in yours too.


Issues :

Troubleshooting Account Locked



Troubleshooting 

  1.  Download Account Lockout and Management Tools from here.

  2. Get it extracted.

  3. Launch LockoutStatus.exe

  4. Go to File | Select Target...

  5. Enter the target user name, the domain and, if needed, alternate domain admin credentials. Press OK once done.

  6. Collecting data...


  7. Here we can see a few important details such as the DC names, ID state, bad password count, last bad password, etc. This is an example of an ID locked by a single DC (usually the PDC emulator).


    This is an example of an ID locked by 2 different DCs (the PDC emulator and another DC).

Resolution :
  1.  Take note of the time when the ID was locked (column locked Time). Right-click the DC and click Manage.

  2.  The Computer Management console of that DC launches. Navigate to the Security log and choose to filter the log.

  3. Configure the filter as below, then press OK.

    Logged :
    from when till when - make sure the locked time is within this timeline. I will just leave it as default.

    Event ID : 4771
  4.  The log will be filtered accordingly.

  5.  At (normally) the exact locked time, you can see an event logged with the info below.
  6. Focus on the Network Information portion. It shows which device is causing the problem, identified by IP address.

  7.  Depending on the account lockout threshold, you may see authentication failure events logged for the same user. In my case, the same event was logged 3 times.

  8.  Now that we have narrowed it down to a machine, we should be able to guess why the ID was locked. If there is a disconnected session on that machine, kill it. If the user set an application to authenticate using his/her ID, then change the password / use a service ID.
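
The same filter on Event ID 4771 and the read of the Network Information portion can be scripted. The PowerShell below is an added example, not part of the original post; the function names, `DC01`, `jdoe` and the sample event are constructed for illustration.

```powershell
# Turn one Event 4771 XML string into an object with the fields used in the steps above.
function ConvertFrom-Event4771Xml {
    param([Parameter(Mandatory)][string]$Xml)
    $evt  = ([xml]$Xml).Event
    $data = @{}
    foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeUtc  = $evt.System.TimeCreated.SystemTime
        User     = $data['TargetUserName']
        # IPv4 clients are often logged as ::ffff:a.b.c.d; strip the prefix
        ClientIP = $data['IpAddress'] -replace '^::ffff:', ''
        Status   = $data['Status']   # 0x18 = Kerberos pre-authentication failed (bad password)
    }
}

# Query one DC's Security log for 4771 events in a time window and
# count failures per client IP for a single user (hypothetical helper).
function Get-LockoutSource {
    param(
        [Parameter(Mandatory)][string]$DomainController,
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][datetime]$From,
        [Parameter(Mandatory)][datetime]$To
    )
    $filter = @{ LogName = 'Security'; Id = 4771; StartTime = $From; EndTime = $To }
    Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter |
        ForEach-Object { ConvertFrom-Event4771Xml -Xml $_.ToXml() } |
        Where-Object { $_.User -eq $UserName } |
        Group-Object ClientIP |
        Sort-Object Count -Descending |
        Select-Object @{ n = 'ClientIP'; e = { $_.Name } }, Count
}

# Constructed sample event (trimmed to the fields read above) so the parser can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4771</EventID><TimeCreated SystemTime="2024-01-15T09:14:07.0000000Z"/></System>
  <EventData>
    <Data Name="TargetUserName">jdoe</Data>
    <Data Name="Status">0x18</Data>
    <Data Name="IpAddress">::ffff:10.0.0.25</Data>
  </EventData>
</Event>
'@
ConvertFrom-Event4771Xml -Xml $sample

# Live use against a DC shown by LockoutStatus.exe (DC01 and jdoe are placeholders):
# Get-LockoutSource -DomainController DC01 -UserName jdoe -From (Get-Date).AddHours(-1) -To (Get-Date)
```

Run the live query from an account allowed to read the Security log on that DC, and repeat it for each DC that LockoutStatus.exe shows with a bad password count.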

