As a system administrator, there will be times when users contact you to unlock their AD account after they get locked out. Usually, unlocking the account from Active Directory Users and Computers resolves the issue. Sometimes, however, the user's account keeps getting locked again after it has been unlocked.
For this issue we need to follow a procedure and use some tools to find the source system that is causing the account lockouts.
Download and install Account Lockout Status (LockoutStatus.exe).
After installation, the default location of LockoutStatus is C:\Program Files (x86)\Windows Resource Kits\Tools
Double-click LockoutStatus.
Click on the File menu.
Click on Select target, type the AD user account name and domain name to find, and click OK.
Now we see all AD servers with their bad password counts, the password last reset time and Orig Lock. Orig Lock shows whether the account is locked or not.
Right-click on Orig Lock and click Open Event Viewer.
In Event Viewer, go to Windows Logs and click Security.
Right-click on “Security” and select “Filter Current Log”.
In place of <All Event IDs> type 4740 and click OK [Event ID 4740 – A user account was locked out].
You can see the list of lockout events for the user on that AD server. Look for the most recent event to find the server/desktop where the user's account is continuously getting locked out.
Double-click the most recent event and a pop-up window will show a message like below.
In the above case, the account lockout of user pavi was happening on FILESERVER.
Log into the server/desktop where the account lockout is happening (here it is FILESERVER), go to Task Manager > Users tab and see if there is a disconnected session for the user who is getting locked out. If there is a disconnected session for the user, log the user off from that machine. (Sometimes a user will just disconnect an RDP session to that server without a proper log off, and this may cause the account lockout issue.)
This solved the above issue. Also check the local systems the user is using: remove all saved entries from Credential Manager, remove saved passwords and clear all cached passwords in the browsers.
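The same Event ID 4740 lookup can be scripted so that every domain controller is checked in one pass. This is an added example, not part of the original procedure. It assumes the ActiveDirectory PowerShell module (RSAT) is installed, that you have rights to read the Security log on the domain controllers, and a 24-hour look-back window; the account name pavi is the sample user from above.

```powershell
# Added example: find the source machine of lockouts for one account (Event ID 4740).
# Assumes the ActiveDirectory module (RSAT) and read access to the DC Security logs.
Import-Module ActiveDirectory

$User  = 'pavi'                   # sample account name used in the article
$Since = (Get-Date).AddDays(-1)   # assumption: look back 24 hours

$events = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-WinEvent -ComputerName $dc.HostName -ErrorAction Stop -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4740
            StartTime = $Since
        } | ForEach-Object {
            # Read the named EventData fields rather than relying on their position.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            if ($data['TargetUserName'] -eq $User) {
                [pscustomobject]@{
                    TimeCreated      = $_.TimeCreated
                    DomainController = $dc.HostName
                    LockedAccount    = $data['TargetUserName']
                    # In 4740 the "Caller Computer Name" is stored in TargetDomainName.
                    CallerComputer   = $data['TargetDomainName']
                }
            }
        }
    } catch {
        # Raised when the DC has no 4740 events in the window, is unreachable,
        # or the Security log cannot be read with the current credentials.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
    }
}

# Most recent lockouts first, then a count per source machine.
$events | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
$events | Group-Object CallerComputer | Sort-Object Count -Descending |
    Select-Object Count, Name
```

The machine with the highest count in the second table is the first place to look for a disconnected session or saved credentials. An empty CallerComputer value means the event did not record a source machine.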