This article is provided by MVP Sainath K.E.V. Microsoft is thankful to the MVPs who proactively share their professional experience with other users. The article will be posted on the MVP's website or blog later.
Organizations use Microsoft Directory Service for centralized management of users and resources. The logical structure of Active Directory is built from forests, domains and organizational units. SME and enterprise-wide organizations rely heavily on the organizational unit as a security boundary: they place their users in it, configure policies and delegate authority.
Managing Active Directory is challenging, and administrators might have encountered a scenario where the user accounts in a particular organizational unit, or in different organizational units, get disabled automatically.
This is not default Microsoft Active Directory Domain Services behavior. Below are the only possibilities for the accounts being disabled:
a) Manual disabling of User account or User accounts
b) A Scheduled Task which triggers a script to disable the user account or user accounts
c) Manual execution of a WMI script / PowerShell script to disable the user account or user accounts
To narrow down the root cause of the problem, the following major steps need to be carefully reviewed and configured.
Administrators can configure the Advanced Security Audit Policy to audit User Account Management. After the audit policy is configured successfully, the following event is registered in the event log. Administrators can create a Group Policy and configure the audit policy there, or change the Default Domain Controllers Policy, to track the events.
Event ID : 4725
Event Message : A user account was disabled.
If no Event ID 4725 is being registered, administrators should verify the event log size.
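The checks described above can be run together from an elevated PowerShell session on a domain controller. This is an added example, not part of the original article; the parameter names and the 7-day look-back window are assumptions, and each domain controller has to be queried separately because the event is written only on the one that processed the change.

```powershell
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # assumption: the domain controller to query
    [int]$Days = 7                               # assumption: look-back window in days
)

# 1. Confirm the audit subcategory is enabled (this reads the local machine's effective policy).
auditpol /get /subcategory:"User Account Management"

# 2. Check Security log size and retention mode; a small log that overwrites
#    old records can explain why no Event ID 4725 is found.
Get-WinEvent -ListLog Security -ComputerName $ComputerName |
    Select-Object LogName, LogMode, RecordCount,
        @{n='MaxSizeMB';     e={[math]::Round($_.MaximumSizeInBytes / 1MB, 1)}},
        @{n='CurrentSizeMB'; e={[math]::Round($_.FileSize / 1MB, 1)}} |
    Format-List | Out-Host

# 3. Pull Event ID 4725 and extract who disabled which account.
$filter = @{ LogName = 'Security'; Id = 4725; StartTime = (Get-Date).AddDays(-$Days) }
$events = Get-WinEvent -FilterHashtable $filter -ComputerName $ComputerName -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Index the named <Data> fields of the event XML.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]@{
        TimeCreated      = $e.TimeCreated
        DomainController = $e.MachineName
        DisabledAccount  = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        DisabledBy       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        LogonId          = $data['SubjectLogonId']
    }
}

if (-not $report) {
    Write-Warning "No Event ID 4725 on $ComputerName in the last $Days days; review the audit policy and log size shown above."
} else {
    $report | Sort-Object TimeCreated | Format-Table -AutoSize | Out-Host
    # Many accounts disabled by one identity in a short period points to a script or scheduled task.
    $report | Group-Object DisabledBy | Sort-Object Count -Descending |
        Select-Object Count, Name | Format-Table -AutoSize | Out-Host
}
```

The DisabledBy column separates the three causes listed earlier: an administrator's own account suggests a manual action, while a service account or SYSTEM repeated across many entries suggests a scheduled task or script.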
Microsoft Windows Server 2003 R2 Enterprise Edition (32-Bit x86), Microsoft Windows Server 2003 R2 Standard Edition KN, Microsoft Windows Server 2003 R2 Standard x64 Edition, Windows Server 2008 Datacenter, Windows Server 2008 Datacenter without Hyper-V, Windows Server 2008 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 R2 Datacenter without Hyper-V, Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Enterprise without Hyper-V, Windows Server 2008 R2 Standard, Windows Server 2008 R2 Standard without Hyper-V, Windows Server 2008 Service Pack 2, Windows Server 2008 Standard, Windows Server 2008 Standard without Hyper-V