Link to home
Start Free TrialLog in
Avatar of brandenb

asked on

Account locking source

I have a separate domain admin account that I use for admin functions, and since the last time I changed the password on it, it continually gets locked out.  I'm sure this is because I am logged in to a server somewhere, but I can't figure out where it is.  Is there any tool that I can use to see from which computer the old credentials are coming from?
Avatar of George Sas
George Sas
Flag of Denmark image

Check this link and the tools provided will help you find out where the lockout comes from.
Avatar of brandenb


I already use the lockout status tool, which is great for unlocking the account, and it tells me from which DC the account was originally locked from, but I don't see anywhere where it tells me which computer the lockout came from.  I also added the dll for the extra information on the AD info screen, and while it is nice, it doesn't tell me what I want to know either.
It could be that you have a service or scheduled task set to use the old password (which is why MS recommend NEVER using a user account for these) - Check these and the event logs
Pretty sure I don't - I know what you are talking about, but we don't use user accounts for services or tasks.
- stored credentials for a shared drive or printer ?
Tried to filter event log for failed authentication ?
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You can also enable a more extensive logging :

or use LockoutStatus.exe and set NetLogon logging on the account.
a few ideas on service accounts you might have not thought you are using with your domain admin account.

Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Managment Software service account