Active Directory Users getting Locked out


Brenda

I have a question. For the last few days, I've come into
my office with tons of voicemails saying that the users'
accounts have been locked out. When I review the Active
Directory Users properties, EVERYONE's account has been
locked out, and I spend about an hour unlocking everyone's
account.

1) What could be the cause of this?

and

2) Is there a way to unlock everyone's account at one
time instead of having to do each account?

Thanks in advance

Brenda Donals
Network Admin
 
For question number one see the following resources.

Take a look at the following resources

Account Policy whitepaper

http://www.microsoft.com/technet/tr...ndowsserver2003/maintain/operate/BPACTLCK.asp

Account lockout management tools

http://microsoft.com/downloads/deta...9C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Account Best Practices

http://www.microsoft.com/technet/tr...oddocs/entserver/windows_password_protect.asp

Account Lockout Webcast

http://support.microsoft.com/default.aspx?scid=/servicedesks/webcasts/wc022703/wcblurb022703.asp


For Question 2. There are ways to script this. There are some sample
scripts to unlock accounts at
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/user/default.asp

--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Tim,

I just saw your reply and followed the links you posted.
I'm currently using the workstation "alockout.dll" in
conjunction with the "Account Lockout Status"
application, but I do have a question. The user account
is in fact being locked out even though the user is not
doing anything, and the alockout.txt in the %systemroot%\debug
folder is showing entries. Where do I find the
document to explain the different codes, messages, etc.
that I find in this file?

I appreciate any info you can provide.
 
If the user is being locked out when he is not doing anything then he may be
logged on at another workstation, terminal session or something may be
using that user's credentials. You should start t-shooting by enabling
netlogon logging and reviewing the netlogon logs from the DCs. Parse the
logs using nlparse.exe and then go through them to look for the user account
name. That will tell you where the authentication request is coming from.
You can then concentrate on that workstation to determine what may be
sending the user's credentials. Alockout.dll would be helpful at that point.
If it is running on a workstation that is not sending any authentication
request from that user then the information will not be useful. We do not
have any documentation that describes the output. The main thing that you
need to look for is exe names. Those will be the applications that may be
causing the lockout.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services
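
The log review described in the reply above, as an added example that is not part of the original thread and is not nlparse.exe: a small Python filter that counts wrong-password (0xC000006A) and locked-out (0xC0000234) results for one user per source workstation. The sample lines, the domain, user and host names are constructed, and the line layout is assumed to follow the usual netlogon.log "SamLogon ... Returns" format.

```python
import re
from collections import Counter

# NTSTATUS results that matter when tracing a lockout.
FAILURES = {
    0xC000006A: "wrong password",
    0xC0000234: "account locked out",
}

# One "Returns" line per logon the DC handled; "(via X)" marks a pass-through server.
LINE = re.compile(
    r"\[LOGON\].*?SamLogon: .*?logon of (?P<dom>[^\\\s]*)\\(?P<user>\S+)"
    r" from (?P<src>\S*)\s*(?:\(via (?P<via>[^)]+)\)\s*)?"
    r"Returns (?P<st>0x[0-9A-Fa-f]+)"
)

def lockout_sources(log_text, user):
    """Count failed logons for `user`, keyed by (source, via, reason)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["user"].lower() != user.lower():
            continue
        status = int(m["st"], 16)
        if status in FAILURES:
            key = (m["src"] or "<blank>", m["via"] or "-", FAILURES[status])
            hits[key] += 1
    return hits

# Constructed sample in netlogon.log style (not taken from a real DC).
SAMPLE = r"""
02/27 08:01:10 [LOGON] SamLogon: Network logon of CONTOSO\jdoe from WKS-017 Entered
02/27 08:01:10 [LOGON] SamLogon: Network logon of CONTOSO\jdoe from WKS-017 Returns 0xC000006A
02/27 08:01:11 [LOGON] SamLogon: Transitive Network logon of CONTOSO\jdoe from WKS-017 (via FILESRV1) Returns 0xC000006A
02/27 08:01:12 [LOGON] SamLogon: Network logon of CONTOSO\jdoe from WKS-017 Returns 0xC000006A
02/27 08:01:13 [LOGON] SamLogon: Network logon of CONTOSO\jdoe from WKS-017 Returns 0xC0000234
02/27 08:02:40 [LOGON] SamLogon: Interactive logon of CONTOSO\jdoe from WKS-003 Returns 0x0
02/27 08:03:05 [LOGON] SamLogon: Network logon of CONTOSO\asmith from WKS-044 Returns 0xC000006A
"""

if __name__ == "__main__":
    # Most frequent source first: that workstation is the one to inspect.
    for (src, via, reason), n in lockout_sources(SAMPLE, "jdoe").most_common():
        print(f"{n:3d}  {src:10s} via {via:10s} {reason}")
```

Run it against the netlogon.log copied from each DC; the workstation with the highest count for the user is where to look next.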
