Sophos AD Account Locking....Why cant Sophos fix this !!!!

I had a similar issue a while ago and used the following tool to diagnose what was going on:

http://serverfault.com/questions/277790/how-can-i-find-out-why-specific-ad-accounts-are-being-locked-daily

install lockoutstatus.msi

open Command prompt and type:

• CD C:\Program Files (x86)\Windows Resource Kits\Tools

Use the following command:

• lockoutstatus.exe -u:[domain]\[Username]

On the relevant DC highlighted in the report "Last Bad Pwd" column, check the security event logs filtering on 4740 and this give you the machine name that you are locking out on.

In my instance someone had run a batch file that had a misconfigured account which caused the underlying issues.

Best of luck sorting out the RCA though

I had a similar issue a while ago and used the following tool to diagnose what was going on:

http://serverfault.com/questions/277790/how-can-i-find-out-why-specific-ad-accounts-are-being-locked-daily

install lockoutstatus.msi

open Command prompt and type:

• CD C:\Program Files (x86)\Windows Resource Kits\Tools

Use the following command:

• lockoutstatus.exe -u:[domain]\[Username]

On the relevant DC highlighted in the report "Last Bad Pwd" column, check the security event logs filtering on 4740 and this give you the machine name that you are locking out on.

In my instance someone had run a batch file that had a misconfigured account which caused the underlying issues.

Best of luck sorting out the RCA though