I have a 50 user AD domain running in Native 2000 mode. Every so often, one of my users (a domain admin account actually) gets locked out and has to have the account reset before logging in again. I'm pretty certain that it's not someone maliciooulsy trying to get in using his login, but I can't find out why it's happenning.
I have a suspicion that there may be a service running somewhere as the user rather than System or Network, etc. but I have no way of finding if this is the fact.
Can someone help me to troubleshoot this? Is there any way to find services running under this account name in the domain?