we are having an issue with our Active directory for the last 4 months where user a/c's keep getting locked out. It is nothing to do with changing passwords and being logged in on another machine on the network with the old password. anybody come across this before or know of what might be causing it?

Hi. Does the event log (security) show anything? Does the server just deny logon or does it display any messages. Let us know. ChrisE

Thanks for the reply. I wont be able to check the even view till tomorrow. I will get back to you. ta

I asked a user to send me some details from their machine. He is german but he has translated it for me. Here it is : under security events there is just one entry from 26/08/2003. it is: ----------------- Das Überwachungsprotokoll wurde gelöscht. Primärer Benutzername: SYSTEM Primäre Domäne: NT-AUTORITÄT Primäre Anmeldekennung: (0x0,0x3E7) Clientbenutzername: Administrator Clientdomäne: BERNDB01 Clientanmeldekennung: (0x0,0x9C63) ---------------- in english the first line means the protocol was deleted under system events there are some warnings from last night: 00:31 - securitysystem cannot connect to LDAP/colemeadc01.emea.smtf.ds 00:31 - securitysystem remarked a "Herunterstufungsangriff" for LDAP/colemeadc01.emea.smtf.ds. The errorcode is: "useraccount was blocked automatically because of too many attempts to log on or change password" 00:24 - security system cannot connect to cifs/colemeadc01.emea.smtf.ds in the application event there is an error from 00:31 saying username are computername couldnt be found. I was still working at that time last night at 00:31, I send my last mail at 00:38 and a couple of minutes later I switched off the machine. The next events in the eventlog start 14:15 today. That was the time when I started the computer today but couldnt log on. But there are just infos, no warnings or errors.

Hi There, I seem to be having a similar issue. I have users who appear to be locking out for no apparent reason. I'll unlock it and then later in the day they are locked again...somwhat puzzling since the user swears that she is putting in the right password. I have verified that there isn't another machine that isusing her credentials. In the security log it only gives me an error 539 that basically states that the logoin failure was caused by an account lockout (now that really helps) sorry for the bitterness. Have you had any luck with this? any ideas are freatly appreciated.Tony

i havent got anywhere with this yet Tony. If I do I will post my findings up here. ta 4 now