No announcement yet.

Windows 2008 R2 AD Users get locked out

  • Filter
  • Time
  • Show
Clear All
new posts

  • Windows 2008 R2 AD Users get locked out


    We have some trouble in a Windows 2008 R2 Domain enviroment, we upgraded the Windows 2003 AD servers to Windows 2008 R2 around a month ago.

    This upgrade went just fine and everything seemed to be working for us, but yesterday we started getting some trouble with the users that logons on to the domain.

    The users get an message that their account is locked out, and that they should contact domain administrator.
    When we check in AD the account hasn't been locked yet, but when they have typed in their username and password three times we also get the message in AD (As normal)

    The users logons from Windows XP SP2 and Windows 2003 Terminal servers

    When we check our event viewer we get the errors audit failure 4625, 4776 and 4771 under security, can't seem to find any messages under the other logs

    The domain functional level is still set to Windows 2003, should this have something to say?

    Is there someone that have experienced this problem earlier or do have any suggestion on what we can do to fix this?

    Since we have around 200 people logging on every day, this is a very big problem for us. Especially since they get this message several time every day.

    Thomas Borge

  • #2
    Re: Windows 2008 R2 AD Users get locked out

    If you dont see any obvious reason for locked accounts,
    I would suggest to run antivirus program and look for conficker. One of its characteristics is account locking.
    and maybe you should consider raising domain level. You will get some extended AD features.
    Please take a look at this article:

    Hope it helps.
    The chase is better than the catch