Root causes or reasons for account lockout?

The root causes for the account lockout are,

  • Programs using cached credentials.
  • Resetting the password for a service account and failing to reset the same in the service control manager.
  • "Account Lockout Threshold" value set too low(less than 10 invalid logon attempts).
  • Forgetting the password due to strictly tightened password complexity and password length.(Recommended password length = 8 characters).
  • User logging on to multiple computers
  • Stored user names and passwords retain redundant credentials
  • Scheduled processes may be configured to using credentials that have expired.
  • Persistent drives may have been established with credentials that subsequently expired.
  • User properties must replicate between domain controllers to ensure that account lockout information is processed properly.
  • Disconnected Terminal Server sessions may be running a process that accesses network resources with outdated authentication information.
  • Virus or malwares taking control of RPC service and executing remote codes in all connected domain controllers and computers,causing bulk unexpected account lockouts.