RE: [NTSysADM] Account Lockout issue

[Melvin Backus]

I've also found the free Netwrix Lockout Examiner helpful as well.

--
There are 10 kinds of people in the world...
         those who understand binary and those who don't.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Fut Dey
Sent: Monday, July 24, 2017 1:32 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] Account Lockout issue


Disclaimer: I've never used the script before.



Try this script to see if it can help you narrow down where the lockout is 
coming from.


https://gallery.technet.microsoft.com/Determine-What-Device-is-325d9720

Detail info for the above:
http://mikefrobbins.com/2013/11/29/powershell-script-to-determine-what-device-is-locking-out-an-active-directory-user-account/

Please report back if the script is usefull or not.

Regards,
Fut

________________________________
From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
<listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>> on 
behalf of CSSU NetAdmin 
<cssunetad...@cvsdvt.org<mailto:cssunetad...@cvsdvt.org>>
Sent: Monday, July 24, 2017 9:55:12 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] Account Lockout issue

Thanks for the links.  There are two accounts that are locking out constantly. 
There is no machine name associated with the attempt.  Both accounts are 
regular users so wouldn't have been used to run services.

On Mon, Jul 24, 2017 at 10:51 AM, Michael B. Smith 
<mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote:
Here are some resources:

https://www.microsoft.com/en-us/download/details.aspx?id=18465
https://www.microsoft.com/en-us/download/details.aspx?id=15201
http://activedirectorypro.com/account-lockout-tool/

Regards,
Michael B.
@essentialexch

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com>] 
On Behalf Of CSSU NetAdmin
Sent: Monday, July 24, 2017 10:24 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Account Lockout issue

We have a Windows 2012 R2 AD network.  For reasons unknown, some Windows logon 
accounts are randomly locking out.  We can unlock them but they immediately 
relock. The individuals are not trying to login, they don't have accounts on 
phones, etc. The lockout is not appearing in the Security event log.  We did 
notice that there are many Windows Filtering Platform blocked a packet (5152) 
events. We are not sure if this is related to the issue.

The lockout problem started on Friday last week.

Thanks for any help!