Solved

AD Account locked out daily once

Posted on 2009-05-05
4
732 Views
Last Modified: 2012-05-06
Hi.. i have a problem in my AD account. it gets locked out automatically daily once. i am sure i am not entering any wrong password. i am in Server 2003 active directory. anybody have any solutions will be highly appreciated.

Thanks.
0
Comment
Question by:pshaduli
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 50 total points
ID: 24304032
Check that you do not have a scheduled task and/or service set to run using the account and an old password.
0
 
LVL 18

Assisted Solution

by:Americom
Americom earned 50 total points
ID: 24304053
Was there a password changed lately? If so, then you must have some scheduled task using this old password, or you could have terminal session or logged session on multiple machines still active. You can check your secuirty event logo on your DCs to find out which machine(s) the account was locked from.
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 50 total points
ID: 24304346
You may also want to clear out any cached credentials on the workstation you are logging on to.
Control Panel | User Accounts | Advanced | Manage Passwords - clear out any entries in here.
Like Americom says, check the event logs on your DC(s) for failed logon attempts. As well as the source machine, check the logon type on the event. This will give you an idea of the source : http://www.windowsecurity.com/articles/Logon-Types.html
For example, a logon type 3 will most likely refer to a bad attempt the connect to a shared folder on the network.
0
 
LVL 1

Accepted Solution

by:
FADVMSAdmin earned 100 total points
ID: 24314130
This typically happens in my company when an administrator RDPs into a server for whatever reason and then simply disconnects without logging off. Then when that admin has a scheduled password change, the old RDP session continues to use the old password causing lockouts such as this.

If you have access to the DCs of your network, I suggest using the Microsoft Account Lockout tools, especially the EventcombMT.exe to scour your DC's security log to find out where the lockout is coming from (i.e. your machine, some other server, etc). That should lead you to an answer. That is of course if your AD environment is auditing those kinds of events.

MS Account Lockout tools can be found here:
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Some useful info:
http://technet.microsoft.com/en-us/library/cc738772.aspx
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question