Some Windows Resource Kit tools will never die! I use the same tool and method you mention.
*From:* listsadmin@lists.myitforum.com [mailto: listsadmin@lists.myitforum.com] *On Behalf Of *Jonathan Raper *Sent:* Tuesday, June 23, 2015 11:16 AM *To:* ntsys...@lists.myitforum.com *Subject:* RE: [NTSysADM] User lock out +1000 I have been using the account lockout tool for years. It will scan all domain controllers on your network (we have more than 20) tell you what DC is processing the lockout, and allow you to unlock the account on multiple DCs very quickly. People seem to think that of they unlock an account on one DC that unlocks the account. Well, it does if you wait for replication. However many times if you have more than a few DCs in different sites, the place where the user is and where the lockout occurred are in different sites....and if you unlock the account in one site, the account is still locked in other sites...... Using the time stamp of the lockout from the tool, you can then browse the security logs on the DC to find the actual source of the lockout.....the workstation, Exchange, another eorkstation, etc. My team loves it. One of my guys just said how awesome it was this morning - no joke. Jonathan Sent by Outlook for Android On Tue, Jun 23, 2015 at 7:55 AM -0700, "Kibble,Tony" <tkib...@travelers.com> wrote: Have you downloaded the Account Lockout Tool from Microsoft.com? That can give some clues as to where and why an account locks out. *Tony * *From:* listsadmin@lists.myitforum.com [ mailto:listsadmin@lists.myitforum.com <listsadmin@lists.myitforum.com>] *On Behalf Of *James Button *Sent:* 23 June 2015 15:15 *To:* ntsys...@lists.myitforum.com *Subject:* RE: [NTSysADM] User lock out If your system has a ‘max-attempts’ – is there some automated process, or even someone trying to get into the system using her id – Logs should (I hope) show failed attempts to login, and – if you’re lucky, the source device of those attempts . Me – I’d have given her a new id and put a block on the old one – at least for a couple of days of checking. JimB *From:* listsadmin@lists.myitforum.com [ mailto:listsadmin@lists.myitforum.com <listsadmin@lists.myitforum.com>] *On Behalf Of *David McSpadden *Sent:* Tuesday, June 23, 2015 3:07 PM *To:* 'ntsys...@lists.myitforum.com' *Subject:* [NTSysADM] User lock out User changed password. Keeps getting locked out. Removes email from phone. Resets password. Keeps getting locked out. Logs or events show attempts from the exchange server. What tool can I use to determine exactly what is causing the bad attempts that are locking her out? *David McSpadden* Systems Administrator Indiana Members Credit Union P: 317.554.8190 | F: 317.554.8106 [image: Description: imcu email icon] <http://imcu.com/> [image: Description: facebook email icon] <https://www.facebook.com/IndianaMembersCU> [image: Description: twitter email icon] <https://twitter.com/IndMembersCU> [image: Description: email logo] [image: mcp2] This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. Please consider the environment before printing this email. ------------------------------ This communication, including attachments, is confidential, may be subject to legal privileges, and is intended for the sole use of the addressee. Any use, duplication, disclosure or dissemination of this communication, other than by the addressee, is prohibited. If you have received this communication in error, please notify the sender immediately and delete or destroy this communication and all copies. TRVDiscDefault::1201
