Solved

AD Account locked out daily once

Posted on 2009-05-05
4
727 Views
Last Modified: 2012-05-06
Hi.. i have a problem in my AD account. it gets locked out automatically daily once. i am sure i am not entering any wrong password. i am in Server 2003 active directory. anybody have any solutions will be highly appreciated.

Thanks.
0
Comment
Question by:pshaduli
4 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 50 total points
ID: 24304032
Check that you do not have a scheduled task and/or service set to run using the account and an old password.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 50 total points
ID: 24304053
Was there a password changed lately? If so, then you must have some scheduled task using this old password, or you could have terminal session or logged session on multiple machines still active. You can check your secuirty event logo on your DCs to find out which machine(s) the account was locked from.
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 50 total points
ID: 24304346
You may also want to clear out any cached credentials on the workstation you are logging on to.
Control Panel | User Accounts | Advanced | Manage Passwords - clear out any entries in here.
Like Americom says, check the event logs on your DC(s) for failed logon attempts. As well as the source machine, check the logon type on the event. This will give you an idea of the source : http://www.windowsecurity.com/articles/Logon-Types.html
For example, a logon type 3 will most likely refer to a bad attempt the connect to a shared folder on the network.
0
 
LVL 1

Accepted Solution

by:
FADVMSAdmin earned 100 total points
ID: 24314130
This typically happens in my company when an administrator RDPs into a server for whatever reason and then simply disconnects without logging off. Then when that admin has a scheduled password change, the old RDP session continues to use the old password causing lockouts such as this.

If you have access to the DCs of your network, I suggest using the Microsoft Account Lockout tools, especially the EventcombMT.exe to scour your DC's security log to find out where the lockout is coming from (i.e. your machine, some other server, etc). That should lead you to an answer. That is of course if your AD environment is auditing those kinds of events.

MS Account Lockout tools can be found here:
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Some useful info:
http://technet.microsoft.com/en-us/library/cc738772.aspx
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question