User Account Automatically locks out in AD on Windows 2003 server

User Account Automatically locks out in AD on Windows 2003 server. This has happened a couple of times. Is there any diagnostics or Fault finding that can be done ?
Can we ascertain whic Pc Is using that user account to log on etc...
Is there any thing that one can do to stop it and to go the bottome of the problem.

thx
adam
adam_kan2000Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kumarnirmalCommented:
Hi,

This issue might be cause the activity of conflicker worm on your network , you can identified the machines causing account lock from the failure logs on the security logs.

Apply KB958644 & KB890830 and the restart the computer then run "c:\windows\system32\mrt.exe /F:Y to remove conflicker worm.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ncomperCommented:
Does this happen when logging into different machines?

Also is the account set to  expire at any point?
0
kumarnirmalCommented:
the account lock out is happening for a particular user or randomly the accounts get locked ?
 
0
Newly released Acronis True Image 2019

In announcing the release of the 15th Anniversary Edition of Acronis True Image 2019, the company revealed that its artificial intelligence-based anti-ransomware technology – stopped more than 200,000 ransomware attacks on 150,000 customers last year.

adam_kan2000Author Commented:
It is only happening for one user and there is not a lot in the security logs ?
0
DarrenJLCommented:
It does sound a lot like the Conficker worm (http://support.microsoft.com/kb/962007) but it could also be something else.

We use a proxy server to protect our users from the web and occasionally this locks certain users out. One user (Web development) uses Safari as one of their web browsers and that tries multiple times to connect to the web through the proxy server, after the 10th attempt it locks the users account and requires a member of IT to unlock it again.

Our Proxy server is connected via LDAP to our AD infrastructure.

Darren
0
adam_kan2000Author Commented:
Is there any diagnostics work that can be done on the AD

Thx
Adam
0
DarrenJLCommented:
You can enable advanced ldownloading the Account Lockout and Management Tools

http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Darren
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.