In a windows 2012 domain environment, an account was lockout due to incorrect password attempts. I have recently changed the password, but different security event logs in DC show that different caller computer names caused the lock, making me hard
to troubleshoot the cause. I have checked for the followings in these caller PCs:
- Manually mapped network drives
- Cached passwords (Credentials Manager in Windows 7, Manage passwords in Windows XP)
- Any disconnected Remote Desktop sessions on possible servers
- Check if the user has any scheduled tasks or services installed and running under the old credential on these PCs
But no irregularity was found. Any ideas? Thanks