Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Account constantly locked out

Active Directory


Reply
 
Thread Tools Search this Thread
  #1  
Old 05-04-2007
tke402
 
Posts: n/a
Account constantly locked out

I adjusted my account lockout policy to lock a user account after 5 invlaid
attempts. Since that change yesterday, I have had to reset my account 3
times. I have logged in without making a mistake on my password. I'm thinking
there is a scheduled task somewhere using my credentials or there is someone
trying to guess my password. Is there a utility or an LDAP command that will
show where my user account is being used to log into the network? What other
ways can I use to track this down?

Reply With Quote
  #2  
Old 05-04-2007
Danny Sanders
 
Posts: n/a
I would start by checking the services running on your computer for a
service running under your account, and change that password.

Also, if you are logged on anywhere with an old password, that will
cause the same problem.
Reply With Quote
  #3  
Old 06-04-2007
Paul Bergson [MVP-DS]
 
Posts: n/a
Re: Account constantly locked out

Is the account logged into more than one machine or is it running a service
on the same machine? A user could have mapped drives to a resource from one
machine, on a different machine he changes his password and then the first
machine attempts to stay mapped to a drive and the password is no longer
correct and eventually locks the user out. Or after a password is changed a
service is running that attempts to authenticate with an old password.

To help try and track down where the account is getting locked out use
eventcomboMT.exe from the Account Lockout tools found out Microsoft's
website. Use the built in search AccountLockouts and search in the created
text files for the user in question.

http://www.microsoft.com/downloads/d...9-b999adde0b9e
Reply With Quote
  #4  
Old 06-04-2007
Prith
 
Posts: n/a
Re: Account constantly locked out

Also, please enable netlogon logging on all the domain controllers starting
with the PDC.

http://support.microsoft.com/kb/109626/

After enabling the log and when the account gets locked out, please parse
the logs for the 6A (bad password events) and check from which computer they
are coming.
Reply With Quote
  #5  
Old 06-04-2007
Paul Bergson [MVP-DS]
 
Posts: n/a
Re: Account constantly locked out

I haven't had the need to do this, if the eventcombo is used. Not saying
that he won't need it but I would suggest he try the eventcombo for
starters.
Reply With Quote
  #6  
Old 08-04-2007
Member
 
Join Date: Jul 2009
Posts: 1
Re: Account constantly locked out

Yes, eventcomb built-in search is very helpful, in these cases, but if that
does not help this is a little advanced to go deeper, shows all the NTLM
based lockouts.

I normally do both at the same time to gather all the relevant data at the
same time.

Please try eventcomb first.
Reply With Quote
  #7  
Old 12-02-2010
Member
 
Join Date: Feb 2010
Posts: 3
Re: Account constantly locked out

The Netwrix account lockout examiner can prob help. It examines all schedules tasks and show where account is used and locked
Reply With Quote
  #8  
Old 28-04-2011
Stevemorris
 
Posts: n/a
Re: Account constantly locked out

Bobby is right, netwrix account lockout examiner will tell you why you are getting locked out.
Reply With Quote
  #9  
Old 30-12-2011
Member
 
Join Date: Dec 2011
Posts: 1
Re: Account constantly locked out

I was having a problem similar to this. I am not saying this is the fix for you but here is what I had.

User account would lock out after 5-10 minutes. At first I suspected machine and services. No services were using the user account to start. Then I thought running processes on startup. Then I noticed the user would lock without even being logged into the machine. Ok easy has to be replication problem. No repl problems were found and could unlock on one domain controller and would instantly unlock on all others.

Then I noticed the end user typing on their older Andriod phone.... hmm. Are you using that to get your corporate Email? "Yes but it hasn't worked in a while". Ever since you changed your password? "Yes right around there".

Delete corporate email from phone. Waited half an hour and account didn't lock. Log into the exchange server for that account and review security logs yep there it was plain as day a bunch of failed OWA logins.

I feel stupid for not looking on the exchange server first but at least I found it. Maybe this will give you another spot to look.

Regards
J
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Active Directory
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Account constantly locked out"
Thread Thread Starter Forum Replies Last Post
User account being locked out Robbin M Active Directory 1 28-04-2011 09:28 PM
Event id 672, 675, 680 - Account getting locked out Rising Windows Security 3 26-04-2009 05:45 AM
Account is locked out... antogod Operating Systems 4 02-02-2009 04:15 PM
Exclude Admin account from Account Locked out policy Manik Active Directory 3 18-12-2008 01:07 AM
Administrator Account Locked Out Nadeem Windows Security 2 24-04-2008 05:30 PM


All times are GMT +5.5. The time now is 01:56 AM.