• Status: Solved

account locked out every day

Hello, recently made users change their passwords, and I have a couple that lock a couple of times a day.

Likely cause is an app or service using their account for authentication, but no idea how to find out where this is.

Can anyone suggest what logging to use or any utilities that can tell me when a user/app tries to log on and where it is?

1 Solution
Well, first off you should check which credentials the services are running under. On XP machines go to Control Panel -> Administrative Tools -> Services and from that list check which services have the "Log On As" setting set to something other than Local System, and check the password on those services. Then check the event log from the workstation and see which application is giving you warnings or errors.

Hope this helps =)
mhamer (Author) Commented:
It's the domain account that's getting locked out, not an actual problem with an app. The trouble is we don't know where this service is (as in 1000+ machines in use), and although we are manually checking, I'm wondering if there was an automated solution.
On the domain controller, look through the Security log...  Search for the account that is getting locked out...

You should be able to find something like this:

User Account Locked Out:
    Target Account Name:    lockedoutuser1
    Target Account ID:      domaintest\lockedoutuser1
    Caller Machine Name:    Machine1

This will tell you what machine is locking out the account... this can be helpful in further troubleshooting...

The next step would be to go to the machine1 server (desktop) and look through the services on the machine.  Many times, people will install a service with a domain user account (as startup type).  This is problematic as when the domain account password changes, it is not automatically updated on the service...

Anyway, if you still need to troubleshoot this further, you can use a tool called: LockoutStatus.exe   http://www.microsoft.com/downloads/details.aspx?FamilyID=d1a5ed1d-cd55-4829-a189-99515b0e90f7&DisplayLang=en

In addition, it may be required to enable Kerberos logging on your DCs...  http://support.microsoft.com/default.aspx?scid=kb;en-us;262177

In addition, you may be required to run some netcap captures.... to analyze traffic...
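With 1000+ machines, reading lockout events one at a time does not scale, so the tally below is an added example (not part of the original answer) that counts Caller Machine Name per locked-out account from Security-log text exported from the domain controller. It assumes the export keeps the field labels shown in the sample event above; the function names and the sample records are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Field labels exactly as they appear in the lockout event quoted above.
# [ \t]* (not \s*) keeps a blank value from swallowing the next line.
FIELD_RE = re.compile(
    r"(Target Account Name|Target Account ID|Caller Machine Name):[ \t]*(\S*)"
)

def parse_lockouts(text):
    """Split exported event text into one dict of fields per lockout event."""
    records = []
    # Every record begins with the event's description line.
    for chunk in re.split(r"User Account Locked Out:", text)[1:]:
        fields = dict(FIELD_RE.findall(chunk))
        if fields.get("Target Account Name"):
            records.append(fields)
    return records

def lockout_sources(text, account=None):
    """Return {account: Counter({caller machine: lockouts})}."""
    tally = defaultdict(Counter)
    for rec in parse_lockouts(text):
        # Windows account and machine names are case-insensitive: normalise.
        name = rec["Target Account Name"].lower()
        if account and name != account.lower():
            continue
        machine = rec.get("Caller Machine Name", "").upper() or "(BLANK)"
        tally[name][machine] += 1
    return dict(tally)

# Constructed sample export: multi-line records, one flattened record
# (as pasted in the thread) and one record with an empty caller field.
SAMPLE_EXPORT = """\
User Account Locked Out:
\tTarget Account Name:\tlockedoutuser1
\tTarget Account ID:\tdomaintest\\lockedoutuser1
\tCaller Machine Name:\tMACHINE1
User Account Locked Out:    Target Account Name:    lockedoutuser1    Target Account ID:    domaintest\\lockedoutuser1    Caller Machine Name:    machine1
User Account Locked Out:
\tTarget Account Name:\tLockedOutUser2
\tTarget Account ID:\tdomaintest\\lockedoutuser2
\tCaller Machine Name:\tMACHINE7
User Account Locked Out:
\tTarget Account Name:\tlockedoutuser1
\tTarget Account ID:\tdomaintest\\lockedoutuser1
\tCaller Machine Name:\t
"""

if __name__ == "__main__":
    for acct, machines in lockout_sources(SAMPLE_EXPORT).items():
        for machine, count in machines.most_common():
            print(f"{acct:<20} {machine:<15} {count}")
```

The machine with the highest count for an account is the first place to check for a service, scheduled task or mapped drive still using the old password; a "(BLANK)" caller means the event did not record a machine name and the DC-side logging mentioned above is needed to trace it.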

Hi mhamer,

Check this from MS.

You will need to register the DLLs, and it adds an additional tab to their account in AD which provides a lot of detail.
mhamer (Author) Commented:
I have all the account info and lockout status stuff, thanks.

Audit failure showed up the machine causing it. No services running under their name though, but it's 400 miles away so will just image it; can't be anything important on it.

Question has a verified solution.
