Madrilleno
asked on
User account locked out of Active directory occasionally
I have a 50 user AD domain running in Native 2000 mode. Every so often, one of my users (a domain admin account actually) gets locked out and has to have the account reset before logging in again. I'm pretty certain that it's not someone maliciooulsy trying to get in using his login, but I can't find out why it's happenning.
I have a suspicion that there may be a service running somewhere as the user rather than System or Network, etc. but I have no way of finding if this is the fact.
Can someone help me to troubleshoot this? Is there any way to find services running under this account name in the domain?
Madrilleno
I have a suspicion that there may be a service running somewhere as the user rather than System or Network, etc. but I have no way of finding if this is the fact.
Can someone help me to troubleshoot this? Is there any way to find services running under this account name in the domain?
Madrilleno
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
This may have been related to a stored password on the user's machine. I have deleted these and will monitor for the error returning.
Toniur: I'm going to give you the points just for the link, these utilities pointed me in the direction of the solution I am trying.
Toniur: I'm going to give you the points just for the link, these utilities pointed me in the direction of the solution I am trying.
I would suggest that you check computer with IP: 10.0.0.7 or install ALockout.dll from ALTools on this computer.
Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.
Event 676 tells you that asmith is probably already locked out.
Failure Code: 0x12 - Account disabled, expired, or locked out.
Do you have any 675 events in your security log?
Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.
Event 676 tells you that asmith is probably already locked out.
Failure Code: 0x12 - Account disabled, expired, or locked out.
Do you have any 675 events in your security log?
ASKER
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 676
Date: 25/01/2008
Time: 10:02:36
User: NT AUTHORITY\SYSTEM
Computer: SERVER03
Description:
Authentication Ticket Request Failed:
User Name: asimth
Supplied Realm Name: SPDF
Service Name: krbtgt/SPDF
Ticket Options: 0x40810010
Failure Code: 0x12
Client Address: 10.0.0.7