I have an account which is being periodically locked out on our network (once a day roughly).
We use Active Directory, with multiple domains, spread across hundreds of servers.
How can I find out which server this account is being locked out on?
I'm guessing there is a scheduled task which is being run, where the password hasn't been changed.
Microsoft provides some great add-ons which can help quite a bit with this. Here is a link to those tools: Account Lockout and Management Tools
and here are some articles on how to use the tools: http://technet.microsoft.com/en-us/library/cc738772.aspx http://www.windowsecurity.com/articles/Implementing-Troubleshooting-Account-Lockout.html
The one which would probably be most helpful is LockoutStatus.exe, as it will find all of the domain controllers in your forest/domain and return to you the last time at which there was an unsuccessful login attempt. It will also tell you if the account is locked on that DC, and provides you the ability to unlock at that site.
My first action would be to enable security logging for failed logon and attempts on the domain security policy; this may give you some insight into what is causing the lockout.
It's either a scheduled task, the account is being used for a service on some machine, or the person has logged onto another machine and locked it, and is still logged on and locked, under the old credentials.
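One way to get from the security log to the machine that is sending the bad credentials, as an added example that is not part of the original answers: it walks every domain controller in every domain of the forest and reads the lockout events (ID 4740) for one account, reporting the caller computer recorded in each. It assumes the ActiveDirectory RSAT module, Windows Server 2008 or later domain controllers with account management auditing enabled, and rights to read their Security logs; the account name `jdoe` is a placeholder.

```powershell
# Added example. Assumes the ActiveDirectory RSAT module, rights to read the
# Security log on each domain controller, and Windows Server 2008 or later
# (event ID 4740, "A user account was locked out").
Import-Module ActiveDirectory

$Account = 'jdoe'                      # placeholder account name
$Since   = (Get-Date).AddDays(-2)      # the lockout recurs roughly once a day

$results = foreach ($domain in (Get-ADForest).Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        $filter = @{ LogName = 'Security'; Id = 4740; StartTime = $Since }
        try {
            $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop
        } catch {
            # No matching events on this DC, or the DC could not be reached.
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
            continue
        }
        foreach ($e in $events) {
            # Index the EventData fields by name instead of by position.
            $data = @{}
            foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['TargetUserName'] -ne $Account) { continue }
            [pscustomobject]@{
                TimeCreated      = $e.TimeCreated
                Domain           = $domain
                DomainController = $dc.HostName
                Account          = $data['TargetUserName']
                # In event 4740 the TargetDomainName field carries the caller computer name.
                CallerComputer   = $data['TargetDomainName']
            }
        }
    }
}

$results | Sort-Object TimeCreated | Format-Table -AutoSize
# The source that recurs most often is the first machine to check.
$results | Group-Object CallerComputer | Sort-Object Count -Descending | Select-Object Count, Name
```

On the machine named in `CallerComputer`, the scheduled tasks, service accounts and stale logon sessions mentioned above are the places to look for the old password.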