Frequent Domain Account lockout issue

I am facing frequent lock issue with my AD account , this is a pretty common issue most of the user faces in IT Organization. The root cause of this  issue is they might have logged in with their account and forget to log-off or maybe they have mapped to network drive and once when they are trying to reset the password , the lockout issue arises.

Steps to troubleshoot for Client Side(Laptop/Desktop) :

1) Local User Account is present with the same Name as AD account, If same ID is available, Rename local ID to some other ID.
2) Clear Temporary Files
3) Delete Cookies / Temp Files / History / Saved passwords / Forms / from all the Browsers.
4) Start — > Run –> Temp –> Delete all temp files.
5) Start –> Run –> Prefetch –> Delete all Prefetch files.
6) Remove Mapped drives from my computer. My Computer –> Right click on Shared drive –> click on Disconnect
7) Remove stored passwords from Control Panel
8) Start –> Run –> Type Control UserPasswords2 , Click on Advanced managed passwords and delete all the passwords
9) Remote unwanted applications from startups (Run –> msconfig –> startup –> Uncheck unwanted software’s)
10) Scan the entire HDD and update the Antivirus agent.

Steps to troubleshoot for Server Side \Active Directory 

1) Download Account LockOut Management tool

2) Extract the file copy it to C:\LockOutStatus


3) Launch the LockOutStatus.exe application and GoTo->File->Select Target and provide user details and click “OK”.lockout-1.png

4) Check for DC server details and where the account is locked and map it to the server where ORIG lock was originated. Now login to the ORIG lock server and look for the security event logs.lockout-3.png

5) Trace event logs for username and the time when the lock occurs , once you find look for client IP address where the log originated and log-off from that client machine to resolve the issue.


Notes : Try to be patient and find out the LockOut Time of the Originating server from LockOutStatus Tool and investigate for the same timeframe of security logs to resolve the issue.