Troubleshooting Account Lockouts

Have a user that constantly getting locked out? Here is a awesome tool and solution to help you narrow down the device.

The first thing to check before you do anything is. Does this user have a mobile device with Email. More often than not the device is a mobile device with an old password. Check the mobile device and remove email if you have to.

The second pair of tools you can use is the Microsoft Account Lockout and Management Toolkit: https://www.microsoft.com/en-us/download/details.aspx?id=18465.

Download it and install it on something NOT a Domain Controller or Exchange Server

The 3rd tool is a script someone put together. This tool will allow you to type in the username and it will find the name of the machine on the domain locking out the user.

You can download it here: https://gallery.technet.microsoft.com/scriptcenter/Determine-What-Device-is-325d9720

To use the script please see the directions below:

1. Download the script
2. Open Powershell as Admin
3. Move to folder where the script is. In this case it was on my desktop so "CD C:\users\mdeverna\desktop"
4. Set the execution policy so you can run the script in Powershell
5. Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
6. Type A to accept All
7. Run .\get-LockedOutUser.ps1 -Username 'Username' ****Username being the user's actual username***

As you can see this user was being locked out by the computer OP-SMILLAN. The procedure from here is to go to that machine and reboot it or see what app is using the users credentials

For IT service and more articles please reach out to me or go to www.msditprofessionals.com