Saturday, November 26, 2016

Exchange User Account locked by attack from bad password. Event ID 4740

Hello readers, in this article, I am going to discuss about 'Exchange user account locked from bad password', which is also known as Exchange Server error event ID 4740. As you might know that there could be many several reasons to Exchange user account locked out. Some could be intentionally, while some could be un-intentionally. In below sections, we will discuss about this error in more described way.
Exchange User Account locked by attack from bad password. Event ID 4740

Exchange User Account Lock – Causes

There could be many reasons which could lead the Exchange user account in locked situations. Some of those are mentioned below:
  1. Cause of any virus sent by any internally connected PC with Exchange Server.
  2. User might have changed the password, and then he might have forgotten then newly set password.
  3. User Account might tied to the persistent mapped drive.
  4. User Account might be used as an IIS application pool identity
  5. User Account might have tied with a scheduled task
There could be many other reasons also. But the main thing is 'how to unlock those account which have been locked from bad password'.

Resolution to the Error 4740 'User Account Locked'

There are basically two ways for troubleshooting the error 'User Account Locked'. The first one is chase down the logon events and look for auditing configuration. Or the second way is to wait for that time until the user account is locked out. Whenever an account is locked then event is generated with code 4740 and forwarded to PDC Emulator.

Just follow below mentioned steps for resolution of Error 4740

Here we will run the script to disable Active Directory account lockout audit event 4740. For doing this, we just need to delete success audit from User Account Management. Please run below-mentioned command for this:
auditpol /set /subcategory:"User Account Management" /success:disable
You can also remove the success setting by going through default domain controller Group Policy Object (GPO). For this you just have to the below-mentioned location:
First Go to Computer configuration then Policies then Windows Settings then Security settings and then Audit Policy and then Account Management.
That’s all, what you have to do to remove Exchange user account locked error.


As we know that, in above sections we have discussed about Exchange user account locked because of bad password. Which is also known as Exchange event ID 4740. We discussed the general causes which could lead an Exchange user account into locked situation. Other than the reasons, we also discussed the resolution techniques to get out from this user account locked down situation.


Post a Comment

Post a reply