Saturday, September 29, 2012

Account lockout

Account lockout is the most common issue in a Windows environment. This post discusses frequent account lockouts and how to troubleshoot them.


In a Windows 2000/2003 domain environment, if the password and account lockout policy is enabled, then according to the lockout policy, if the user types the wrong password more than 3 or 5 times, the account will be locked out.

It should be unlocked automatically after another 30 minutes (depending on the account lockout policy).

Use the procedure below to troubleshoot a frequent account lockout issue.

Log in to any member server and use the DSQUERY command to find the complete DN of the locked-out account.

Syntax:

dsquery user -name username

Example:

dsquery user -name testuser

"CN=testuser,OU=Test,DC=test,DC=com"

Log in to any one of the domain controllers and, using the replmon utility and the full DN, find the server which finally authenticated the lockout of the user account.

In replmon, right-click the server and select "Show attribute meta-data for active directory object", copy the DN of the user, then click OK.


Or


Log in to any one of the domain controllers and use the command below to find the change to the lockoutTime attribute.

Syntax:

Repadmin /showmeta "user DN"

Example:


Repadmin /showmeta "CN=testuser,OU=Test,DC=test,DC=com"


This shows the metadata of the user object. Find the change to the lockoutTime attribute, see which domain controller the change originated from, and note that domain controller's name.

Or use the command below with find:

Repadmin /showmeta "CN=testuser,OU=Test,DC=test,DC=com" | find /i "lockoutTime"

Log in to that domain controller and use the dumpel command to extract the latest events, or check Event Viewer manually on the DC.


Dumpel -f c:\lockoutevents.txt -s test001 -l security -m security -e 644 642 529 539
Dump successfully completed.


Check the lockoutevents.txt file for the affected user. You will find the account lockout event there, and from it the system from which the account was locked out.
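The check of lockoutevents.txt described above can be scripted. The following Python sketch is an added example, not part of the original post: it tallies, for one account, which machines appear in event 529 (failed logon) and event 644 (lockout) records. The column layout and the string positions in `STRING_LAYOUT` are assumptions about dumpel's default output, and the sample rows are constructed.

```python
from collections import Counter, defaultdict

# ASSUMPTION: dumpel's default layout, nine tab-separated fields per event:
# date, time, type, category, event ID, source, user, computer, strings.
# Without -t, the message strings are space-separated inside the last field.
# ASSUMPTION: index of (account, machine) within the strings of each event ID.
# Confirm both against a real dump from your own DC before trusting the tally.
STRING_LAYOUT = {"644": (0, 1), "529": (0, 5)}


def row(event_id, strings):
    """Build one constructed sample line in the assumed layout."""
    return "\t".join(["9/29/2012", "10:15:00 AM", "16", "2", event_id,
                      "Security", "NT AUTHORITY\\SYSTEM", "TEST001", strings])


# Constructed sample data, not taken from a real domain controller.
SAMPLE_DUMP = "\n".join(
    [row("529", "testuser TEST 3 NtLmSsp NTLM WKS-042")] * 3
    + [row("529", "TestUser TEST 10 User32 Negotiate ts-01"),
       row("529", "otheruser TEST 3 NtLmSsp NTLM WKS-099"),
       row("644", "testuser WKS-042 %{S-1-5-21-0-0-0-1105} TEST001$ TEST (0x0,0x3E7)"),
       row("642", "- testuser TEST"),
       "Dump successfully completed."])


def lockout_sources(dump_text, account):
    """Return {event ID: {machine: hits}} for events that name the account."""
    hits = defaultdict(Counter)
    for line in dump_text.splitlines():
        fields = line.rstrip("\r").split("\t")
        if len(fields) < 9:
            continue  # status line, blank line or truncated record
        event_id = fields[4].strip()
        layout = STRING_LAYOUT.get(event_id)
        if layout is None:
            continue  # event ID whose string layout is not described above
        acct_idx, host_idx = layout
        strings = fields[8].split()
        if len(strings) <= max(acct_idx, host_idx):
            continue  # fewer strings than expected, do not guess
        if strings[acct_idx].lower() != account.lower():
            continue  # event belongs to a different account
        hits[event_id][strings[host_idx].upper()] += 1
    return {eid: dict(counts) for eid, counts in hits.items()}


if __name__ == "__main__":
    print(lockout_sources(SAMPLE_DUMP, "testuser"))
```

The machine with the most 529 hits that also appears in the 644 record is the first place to look for the causes listed below.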

Causes:

• Check whether your user ID is being used to start/stop services on the affected system
• Check whether your user ID is logged on to multiple computers
• Check for any application using your old password on the affected system
• Check for any persistent drive mappings using your old password
• Check for a TS session with the old password

You can also use Microsoft ALTools to troubleshoot account lockouts


ALTools
