|
| |||||||||
| Tags: account, active directory, password, user account |
Account constantly locked out
Active Directory
 |
| | Thread Tools | Search this Thread |
|
| |||||||||
| Tags: account, active directory, password, user account |
|
| | Thread Tools | Search this Thread |
|
#1
05-04-2007
| |||
| |||
| Account constantly locked out attempts. Since that change yesterday, I have had to reset my account 3 times. I have logged in without making a mistake on my password. I'm thinking there is a scheduled task somewhere using my credentials or there is someone trying to guess my password. Is there a utility or an LDAP command that will show where my user account is being used to log into the network? What other ways can I use to track this down?  |
|
#2
05-04-2007
| |||
| |||
|
I would start by checking the services running on your computer for a service running under your account, and change that password. Also, if you are logged on anywhere with an old password, that will cause the same problem. |
|
#3
06-04-2007
| |||
| |||
| Re: Account constantly locked out
Is the account logged into more than one machine or is it running a service on the same machine? A user could have mapped drives to a resource from one machine, on a different machine he changes his password and then the first machine attempts to stay mapped to a drive and the password is no longer correct and eventually locks the user out. Or after a password is changed a service is running that attempts to authenticate with an old password. To help try and track down where the account is getting locked out use eventcomboMT.exe from the Account Lockout tools found out Microsoft's website. Use the built in search AccountLockouts and search in the created text files for the user in question. http://www.microsoft.com/downloads/d...9-b999adde0b9e |
|
#4
06-04-2007
| |||
| |||
| Re: Account constantly locked out
Also, please enable netlogon logging on all the domain controllers starting with the PDC. http://support.microsoft.com/kb/109626/ After enabling the log and when the account gets locked out, please parse the logs for the 6A (bad password events) and check from which computer they are coming. |
|
#5
06-04-2007
| |||
| |||
| Re: Account constantly locked out
I haven't had the need to do this, if the eventcombo is used. Not saying that he won't need it but I would suggest he try the eventcombo for starters. |
|
#6
08-04-2007
| |||
| |||
| Re: Account constantly locked out
Yes, eventcomb built-in search is very helpful, in these cases, but if that does not help this is a little advanced to go deeper, shows all the NTLM based lockouts. I normally do both at the same time to gather all the relevant data at the same time. Please try eventcomb first. |
|
|
| Thread Tools | Search this Thread |
| |
Similar Threads for: "Account constantly locked out" | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| ACCOUNT IS LOCKED REPEATEDLY | Francisco Rugamas | Active Directory | 2 | 25-11-2009 04:17 AM |
| Account is locked out... | antogod | Operating Systems | 4 | 02-02-2009 04:15 PM |
| Exclude Admin account from Account Locked out policy | RayRogers | Active Directory | 19 | 18-12-2008 01:07 AM |
| User account being locked out | Dale Crowder | Active Directory | 3 | 19-09-2008 07:24 PM |
| Administrator Account Locked Out | FireBob57 | Windows Security | 6 | 24-04-2008 05:30 PM |
