# unable to login because your account has been lock out. Using AD Server.



## Puevan (Feb 16, 2013)

Hi Guys,

I'm facing a big problem at my work place. Currently we have 300Pc in the office and 500 Pc in Production area. On 16/1/2013 we have been actack by virus (download.ad, trojen, etc).
I have using Trend Micro 10.0 ver and I found that I need to update the ver. to 10.6. So, I have updated the whole company with the latest version. Than I have managed to solve the virus issue.

Now starting from 1/2/2013, I'm facing a new problem which I have no Idea on it and have no solution for it*.(unable to login because your account has been lock out, Please contact your administrator).*

*I'm Using AD server (domain Server), Every Morning I have to stand by for Unlock account using the ad server *
*example. user name (right click )>Propeties>account(on tab)>Unlock Accounk check box>Apply >ok.*

Than User can Login.

A day I have to do around 200 user.

Is there any solution for this, please share with me and teach me.

I will be happy if there is anyone could help me.

Puevan,


----------



## kanaitpro (Feb 13, 2013)

are you running server 2003, 2008, or 2012? it sounds like the infection may either still be there or has done some damage to your active directory. i had an infection on one of my servers that required a reload of the server and a rebuild of everything. i was down for 3 days, so be careful and make sure you have time to do this without impacting the users (holiday weekend maybe). what i would suggest is to back up your ad (export the the users to a .csv file), and clear all the users and reload them. IF THIS IS A PRODUCTION SERVER, MAKE SURE YOU HAVE 3 COPIES OF THE INFO. be very careful, you could mess up and hose everything. THE SAFEST WAY TO DO THIS IS TO USE A BACKUP SERVER, you don't want to crash your main server. you may need to use dcpromo to unistall the ad/dns and reinstall it. ONCE AGAIN, I STRESS THE IMPORTANCE OF USING A BACKUP SERVER AND MULTIPLE COPIES OF YOUR DATA. if you need a copy of a batch file to reload the users, i can post one here as a text file and you just change the extension to .bat.


----------



## peonowns (Apr 16, 2012)

had a friend with a similar problem.
asked him and he linked me to this post.

Might be worth a shot?.

Microsoft Support found the problem for us. Our domain accounts were locking when a Windows 7 computer was started. The Windows 7 computer had a hidden old password from the domain account.
There are passwords that can be stored in the SYSTEM context that can't be seen in the normal Credential Manager view.
Download PsExec.exe from http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx and copy it to C:\Windows\System32 .
From a command prompt run: psexec -i -s -d cmd.exe
From the new DOS window run: rundll32 keymgr.dll,KRShowKeyMgr
Remove any items that appear in the list of Stored User Names and Passwords. Restart the computer.


----------



## Puevan (Feb 16, 2013)

Thanks a lot and I will try it out.....
Puevan


----------



## Puevan (Feb 16, 2013)

Thanks anyway....
I will try out.
Puevan


----------

