Solved

Account Lockout and no Auditing Records

Posted on 2008-10-23
3
814 Views
Last Modified: 2008-10-23
We just went through a domain wide password change and everything went well except for a few users.  Randomly there account get locked out.  We have been unable to track down this problem.  When I take a look at the domain controllers for these events I am unable to find them.  I took a test domain account and got it to lock out but I am unable to find the event record on the Domain Controllers that show the lockout.  Any ideas?
0
Comment
Question by:thomashospital
3 Comments
 
LVL 7

Accepted Solution

by:
Dusan_Bajic earned 250 total points
ID: 22786136
You probably have some services or tasks running with that accounts credentials and old password. Make sure that you audit failed logons:

Open GPMC
Select Default Domain Controllers Policy (or whichever Domain Controllers Policy is used within your environment)
Click on the Edit button
Select Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy
Audit account logon events: failure
Audit logon events: failure
0
 
LVL 3

Expert Comment

by:Karl12347
ID: 22786153
Use the following tool from microsoft to search all you domain controller event logs for event with that users name.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

EventCombMT.exe

Found this very usefull in the past.

Generally the problem will be due to the user being logged onto 2 workstations one will have the old password and they will be getting locked out frequently when using the new password. This is because the other logged on machine will still be communcating with the domain controller.

Same thing happens with network drive mappings using the old credentials.

Hope this helps.
0
 
LVL 8

Expert Comment

by:Sinder255248
ID: 22786164
Have you enabled Account Management for Failure in the Domain Controller Security policy?

Also if you need to track it down you can enable Netlogon loggins.  Download the LockoutStatus tool from Microsoft, search on the target, right click on the DC you wish to monitor, and click Enable Netlogon Logging...  leave it until this account locks out then go view the log through this tool.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now