Solved

Account keeps locking out

Posted on 2008-10-28
3
701 Views
Last Modified: 2013-12-24
we have an account that is continually getting locked out.  Is there any way we can find out where it is getting locked out from?  I looked in security on the DC and both don't show any failed login attempts...  Any utilities out there that can show incoming authentication attempts?
0
Comment
Question by:TCrockett
3 Comments
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 22823728
0
 
LVL 35

Accepted Solution

by:
Joseph Daly earned 250 total points
ID: 22823819
Ok here is where I would start. Download the Account Lockout tools from microsoft.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Youll want to run the LockoutStatus.exe on the account that is getting the frequent lockouts. This should return the domain controller where the account was locked out and also the time. If you have multiple DC's its possible one of the other ones is locking the account and you cant see it.

Once you have the lockout time and location then you can check the event logs on that domain controller to for failed events.
0
 

Author Comment

by:TCrockett
ID: 22828121
Here is what it shows, It shows that the lockout is coming from itself???:

Target Account Name:      avhadmin
       Target Account ID:      xxx\admin
       Caller Machine Name:      xxx-DC1
       Caller User Name:      xxx-DC1$
       Caller Domain:      xxxx
       Caller Logon ID:      (0x0,0x3E7)
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

This article describes some very basic things about SQL Server filegroups.
Never store passwords in plain text or just their hash: it seems a no-brainier, but there are still plenty of people doing that. I present the why and how on this subject, offering my own real life solution that you can implement right away, bringin…
Video by: Steve
Using examples as well as descriptions, step through each of the common simple join types, explaining differences in syntax, differences in expected outputs and showing how the queries run along with the actual outputs based upon a simple set of dem…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now