Wednesday, 5 June 2019

Active Directory Account Lockout Troubleshooting

If someone’s Active Directory account is getting locked out, you can check the event logs on the domain controllers to see what is causing it. This is useful if people log into multiple devices, as a common cause is that they have left themselves logged in somewhere and that session is trying to authenticate with an old password.

 

· Open Remote Desktop and connect to your domain controller. NOTE – if you don’t find anything here, follow the same steps on the other domain controllers.
· Open Event Viewer and navigate to Windows Logs > Security.
· Sort by Date and Time and select a log entry from shortly after the suspected account lockout.
· On the right-hand side click ‘Find…’ and search for the user’s login name.
· You are looking for a message with Event ID 4740 and the heading ‘A user account was locked out’.
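The same search can be scripted across several domain controllers. The PowerShell below is an added example and not part of the original post; the function names, the DC names, the account `jsmith` and the sample event are constructed placeholders. It pulls Event ID 4740 from each DC's Security log and reports the caller computer, which is the device to check for a stale session.

```powershell
# Added example: function names, DC names and the account are placeholders.
function ConvertFrom-LockoutEvent {
    param([Parameter(Mandatory)][xml]$EventXml)
    $data = @{}
    foreach ($d in $EventXml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreatedUtc   = $EventXml.Event.System.TimeCreated.SystemTime
        DomainController = $EventXml.Event.System.Computer
        LockedAccount    = $data['TargetUserName']
        CallerComputer   = $data['TargetDomainName']  # 4740 stores the caller computer name in this field
    }
}

function Find-LockoutSource {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string[]]$DomainController,
        [datetime]$After = (Get-Date).AddDays(-1)
    )
    foreach ($dc in $DomainController) {
        $filter = @{ LogName = 'Security'; Id = 4740; StartTime = $After }
        # A DC with no matching events (or one that is unreachable) is skipped quietly
        Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction SilentlyContinue |
            ForEach-Object { ConvertFrom-LockoutEvent -EventXml ([xml]$_.ToXml()) } |
            Where-Object { $_.LockedAccount -eq $UserName }
    }
}

# Constructed sample of a 4740 event, so the parser can be tried without a DC
$sample = [xml]@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2019-06-05T09:14:02.0000000Z" />
    <Computer>DC01.example.local</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">jsmith</Data>
    <Data Name="TargetDomainName">WKSTN-042</Data>
    <Data Name="SubjectUserName">DC01$</Data>
  </EventData>
</Event>
'@
ConvertFrom-LockoutEvent -EventXml $sample

# Live query (run with an account allowed to read the DCs' Security logs):
# Find-LockoutSource -UserName 'jsmith' -DomainController 'DC01','DC02'
```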
