I have a domain account which keeps getting locked without any prior wrong password login attempts:
I.e (completely stripped off the details, just to give you an idea)
10:15:49 – logon successful
10:16:55 – logon failed (account locked)
There's something very odd here: I would expect at least one event between a successful logon and failed logon due to locked password. Where's the event that causes the lock with a failed password?
Other information:
-It's a MS RemoteApp system: there's a remoteapp system where people login via a web portal. The authentication happens during people logging into the web portal.
-There's no genius who's randomly locking accounts, even that should be in the logs, amirite?
Best Answer
Microsoft's account lockout tools might help you figure out what's going on.
Not necessarily.
Honestly, I kind of want to copy and paste Ryan Ries' answer here, so I'll link it instead.
My guess would be that someone has used their personal account for a service, but that's only a random guess.