Solved

Active Directory block accounts of some of my users

Posted on 2009-07-16
4
828 Views
Last Modified: 2012-05-07
Hi
We have a Windows 2003 Server with AD running in two servers with Microsoft Exchange Server in one of them. After about one month all our accounts come blocked every morning and severall times by day by the Active Directory himself.
We have all the licencensing process ok and service "License Logging Server" running ok.
Why this happens ? How to solve the situation ?
Can you help please ?
Thank you very mutch Raul
0
Comment
Question by:raulcord
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 26

Expert Comment

by:MidnightOne
ID: 24873095
What do you mean by all accounts become blocked? Users are unable to log in? What error message, if any, do they get?
0
 
LVL 1

Expert Comment

by:admin_lbpsb
ID: 24873375
Sounds like a virus to me. Have a look at Event Viewer, Security for Event ID 644 (locked out accounts) on both AD servers. The event will list the computer trying to log in.
0
 
LVL 4

Accepted Solution

by:
DarrenJL earned 500 total points
ID: 24877745
It does sound a lot like the Conficker worm (http://support.microsoft.com/kb/962007) but it could also be something else.

We use a proxy server to protect our users from the web and occasionally this locks certain users out. One user (Web development) uses Safari as one of their web browsers and that tries multiple times to connect to the web through the proxy server, after the 10th attempt it locks the users account and requires a member of IT to unlock it again.

Our Proxy server is connected via LDAP to our AD infrastructure.

Darren
0
 

Author Comment

by:raulcord
ID: 25351455
Thank you very mutch
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question