One of the most frustrating activities a Windows admin has to perform is understanding why an Active Directory account keeps locking: here’s a quick way to find out.
Download the Account Lockout Status tool from Microsoft website.
From the File menu, choose Select Target…
type the User Name and the Domain Name
the tool will show, for each domain controller, the account state and the time of the last login attempt with a bad password:
Connect to the domain controller and open, with the event viewer, the Security event log:
Look for an Audit Failure event in the time range shown by the tool; in the event’s details you can read the IP address of the client that originated the login attempt:
On that client you’ll probably find a session, a task or a service running with your account…