• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 304
  • Last Modified:

Account locking source

I have a separate domain admin account that I use for admin functions, and since the last time I changed the password on it, it continually gets locked out.  I'm sure this is because I am logged in to a server somewhere, but I can't figure out where it is.  Is there any tool that I can use to see from which computer the old credentials are coming from?
0
brandenb
Asked:
brandenb
  • 3
  • 2
  • 2
  • +2
1 Solution
 
George SasIT EngineerCommented:
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Check this link and the tools provided will help you find out where the lockout comes from.
0
 
brandenbAuthor Commented:
I already use the lockout status tool, which is great for unlocking the account, and it tells me from which DC the account was originally locked from, but I don't see anywhere where it tells me which computer the lockout came from.  I also added the dll for the extra information on the AD info screen, and while it is nice, it doesn't tell me what I want to know either.
0
 
KCTSCommented:
It could be that you have a service or scheduled task set to use the old password (which is why MS recommend NEVER using a user account for these) - Check these and the event logs
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
brandenbAuthor Commented:
Pretty sure I don't - I know what you are talking about, but we don't use user accounts for services or tasks.
0
 
KCTSCommented:
- stored credentials for a shared drive or printer ?
0
 
George SasIT EngineerCommented:
Tried to filter event log for failed authentication ?
0
 
Mike KlineCommented:
Check out some of these additonal troubleshooting steps
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
The trace they talk about can help.  Using something like netmon or wireshark.
Thanks
Mike
0
 
George SasIT EngineerCommented:
You can also enable a more extensive logging :
http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx

or use LockoutStatus.exe and set NetLogon logging on the account.
0
 
WeirdFishesCommented:
a few ideas on service accounts you might have not thought you are using with your domain admin account.

Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Managment Software service account
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now