Domain Controller in Windows Server 2003

10 pts.
Domain Controller
Microsoft Windows Server 2003
Windows server administration
Windows Server User Profiles
Hi, I have a challenge with my Domain Controller. Recently, the DC just lock-out users' accounts indiscriminately (I mean a user log-on today and wake up tomorrow and the account is locked out). I have to unlock users' account almost everyday. What is responsible for this and what can I do? Note: This was not happening before and I did not configure any security setting to warrant this.

Software/Hardware used:
Windows 2003

Answer Wiki

Thanks. We'll let you know when a new response is added.

By default Windows 2003 domains will lock a computer out if the incorrect password is used enough times. Sounds like someone is attempting to break into your domain through VPN, Outlook Web Access, or some other services which is exposed on the Internet.


It is very likely that there is some malware running loose on your network. We have seen the same thing happen due to virus infected machines. Take a look at my blog: Tracking down that user/computer that locks AD accounts. It could take a while to track down and correct the source of the problem if you have a very distributed environment (like we do).

Discuss This Question: 2  Replies

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Gabe9527
    Have you made any changes lately to your AD environment? Do you have any policies that could be at fault? anything realy to help in finding the solution......
    11,095 pointsBadges:
  • Gabe9527
    This may help you in finding out what is happening.... Account Lockout Tools This will give you the following informaiton # DC Name: Displays all domain controllers that are in the domain. # Site: Displays the sites in which the domain controllers reside. # UserState: Displays the status of the user and whether that user is locked out of their account. # Bad Pwd Count: Displays the number of bad logon attempts on each domain controller. This value confirms the .domain controllers that were involved in the account lockout. # Last Bad Pwd: Displays the time of the last logon attempt that used a bad password. # Pwd Last Set: Displays the value of the last good password or when the computer was last unlocked. # Lockout Time: Displays the time when the account was locked out. # Orig Lock: Displays the domain controller that locked the account (the domain controller that made the originating write to the LockoutTime attribute for that user). With this you might get hints as to what is doing this.
    11,095 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.


Share this item with your network: