I have an account that is getting locked out on a regular basis. This user changed the password recently (about the time the problem started... go figure). I believe the user is still logged in somewhere or has some other connection/services that are trying to use their old password and periodically causes the lock-out. However I am having a tough time tracking it down. I remember being peripherally involved with another admin several years ago in developing a script that polled DC's and logged information about user connections... and I believe an approach like that could work for me in this situation, but before I start scratching my head over that, I thought I might ask you guys if you had a better approach.. or perhaps knew of a script I could get my hands on and modify to my needs. Thanks for any input. -David