It’s affecting all 55 people, and it locks again after I unlock the account.
Microsoft has a nice article on troubleshooting this.
Otherwise, it’s really tough to say; it could be anything. How quickly are they locked again?
There are tons of different reasons why you could be experiencing Active Directory account lockouts—forgotten passwords, attempted Active Directory intrusions, mapped network drives, disconnected remote desktop sessions, and so on. The reasons for an Active Directory lockout can be very simple or very complex, but regardless, they do result in loss of productivity, frustrated users, an influx of help desk calls and a huge administrative burden.
That is why for many organizations, it makes sense to take advantage of third-party account lockout solutions like the NetWrix Account Lockout Examiner. The NetWrix Account Lockout Examiner is inexpensive and pulls its weight in gold by saving money on lost productivity and IT administrative labor. It is a cost-effective solution that will not only notify IT operators of account lockouts via real-time notifications, but it will troubleshoot those account lockouts, giving administrators the answers they need to ensure that similar problems don’t reoccur in the future, and it will proactively resolve the issues by way of a web-based console or E-mail. The fast resolution allows users to quickly solve problems with minimal to zero IT assistance and return to a productive state.
Stephen Schimmel, Product Manager, NetWrix Corporation
Another item that can contribute to account lockout is an overly restrictive policy.
Unfortunately there are now many things that make multiple attempts to authenticate before they go back to the user to re-enter the password.
A common implementation is an application tries three times before returning to the user with a “could not authenticate” and allowing the user to re-enter the password. I have seen this go as high as six authentication attempts in an application. Either of these situations causes an immediate lockout with only one user attempt with the default 3 try limit.
So, setting to 10 attempts prior to lockout was a good compromise number taking into account that applications that require a separate authentication and authenticate against the AD now often make multiple authentication attempts in the background.
Another item to watch out for is saved passwords. Even with a no saved password policy I see many applications brought in that save passwords anyway. So, application launches after a password change, tries to authenticate to AD in the background, does its three attempts thing, user is now locked out, user finally presented a login prompt and allowed to enter password. You now have a very unhappy user who is unable to work and another help desk call.
Yeah, I’ll get off my soap box now.
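The interaction described in the post above between silent application retries and the lockout threshold, as an added example that is not part of the thread: a simplified replay of constructed failed-logon records against a threshold of 3 and of 10. The account names, source labels, the stale service credential and the 30-minute counter reset interval are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

def burst(account, source, start, count):
    """Constructed sample data: `count` failed logons, one second apart."""
    t0 = datetime.fromisoformat(start)
    return [(t0 + timedelta(seconds=i), account, source) for i in range(count)]

# Constructed failed-logon records after a password change (all names are made up).
SAMPLE_FAILURES = (
    burst("jdoe", "app-saved-password", "2024-01-08 08:00:00", 3)      # 3 silent retries
    + burst("asmith", "app-saved-password", "2024-01-08 08:10:00", 6)  # 6 silent retries
    + burst("asmith", "user-typed", "2024-01-08 08:12:00", 2)          # 2 real typos
    + burst("svc-report", "stale-service-credential", "2024-01-08 09:00:00", 12)
)

def replay(failures, threshold, reset_after_minutes=30):
    """Return {account: Counter(source -> failures)} for accounts that lock out.

    Simplified model: the bad-password counter resets when the gap since the
    previous failure exceeds the reset interval; reaching the threshold locks.
    """
    reset_after = timedelta(minutes=reset_after_minutes)
    state = {}   # account -> (time of last failure, Counter of sources)
    locked = {}
    for ts, account, source in sorted(failures):
        if account in locked:
            continue  # already locked, later attempts change nothing
        last, sources = state.get(account, (ts, Counter()))
        if ts - last > reset_after:
            sources = Counter()  # quiet period elapsed, counter starts over
        sources[source] += 1
        state[account] = (ts, sources)
        if sum(sources.values()) >= threshold:
            locked[account] = sources
    return locked

if __name__ == "__main__":
    for threshold in (3, 10):
        print(f"threshold={threshold}")
        for account, sources in replay(SAMPLE_FAILURES, threshold).items():
            print(f"  {account} locked; failures by source: {dict(sources)}")
```

With the threshold at 3, every account locks on application retries alone before the user has typed anything; at 10, only the account with the continuously failing stale credential locks, which is the source worth tracking down.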
This thread is old, but a lot of things can cause a user to be locked out, including a service somewhere logging in under the account or a user left logged on to a computer. I use AD Network Manager to find out where my users are logged in.