Posts made by petergregg85
RE: Active Directory - Finding Source Of Repeated Lockouts
Lepide have a new Account Lockout Examiner freeware that may help you on this.
Else, get help from this article which lets you how to troubleshoot account lockout issue using LockoutStatus, EventCombMT and Netlogon.
Are you sure you enabled auditing policy?
Computer Configuration > Policies → Windows Settings → Security Settings → Advanced Audit Policy Configuration → Audit Policies → Account Management: Audit User Account Management → Define → Success and Failures.
Try running on DC:
auditpol /get /category:Logon/Logoff
do you see "Account Lockout" set to Success and Failure?
Most of the time, its Active sync that i have seen locks out the user's account
Did you tried to clearing out cached credentials.
Steps to track locked out accounts and find the source of Active Directory account lockouts: https://www.lepide.com/how-to/identify-the-source-of-account-lockouts-in-active-directory.html