brandenb
asked on
Account locking source
I have a separate domain admin account that I use for admin functions, and since the last time I changed the password on it, it continually gets locked out. I'm sure this is because I am logged in to a server somewhere, but I can't figure out where it is. Is there any tool that I can use to see which computer the old credentials are coming from?
ASKER
I already use the lockout status tool, which is great for unlocking the account, and it tells me on which DC the account was originally locked, but I don't see anywhere where it tells me which computer the lockout came from. I also added the dll for the extra information on the AD info screen, and while it is nice, it doesn't tell me what I want to know either.
It could be that you have a service or scheduled task set to use the old password (which is why MS recommend NEVER using a user account for these). Check these and the event logs.
ASKER
Pretty sure I don't - I know what you are talking about, but we don't use user accounts for services or tasks.
- Stored credentials for a shared drive or printer?
Have you tried filtering the event log for failed authentication?
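One way to do the event-log filtering suggested above, as an added example that is not part of the original thread. It assumes domain controllers running Windows Server 2008 or later (where a lockout is logged as Security event 4740), the ActiveDirectory PowerShell module, and a placeholder account name `adm-example`.

```powershell
# Added example: list the source computer for each lockout of one account.
# Assumptions: DCs log event ID 4740 (Server 2008 or later) and the
# ActiveDirectory module is installed. 'adm-example' is a placeholder name.
param(
    [string]$Account = 'adm-example',
    [int]$Days = 2
)

Import-Module ActiveDirectory

# Every lockout is reported to the PDC emulator, so its Security log is
# the one place that sees lockouts from all DCs.
$pdc = (Get-ADDomain).PDCEmulator

$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddDays(-$Days)
}

Get-WinEvent -ComputerName $pdc -FilterHashtable $filter |
    ForEach-Object {
        # Read the named fields from the event XML instead of relying on
        # their position in the Properties array.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time           = $_.TimeCreated
            Account        = $data['TargetUserName']
            # In 4740 the "Caller Computer Name" is stored in TargetDomainName.
            SourceComputer = $data['TargetDomainName']
            # SubjectUserName is the computer account of the DC that locked it.
            LockedOutBy    = $data['SubjectUserName']
        }
    } |
    Where-Object { $_.Account -eq $Account } |
    Sort-Object Time -Descending
```

Event 4740 is only written when auditing of user account management is enabled on the domain controllers. An empty SourceComputer value means the request did not carry a workstation name, which is where the NetLogon logging mentioned in this thread helps.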
You can also enable more extensive logging:
http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx
or use LockoutStatus.exe and set NetLogon logging on the account.
A few ideas on service accounts you might not have thought you are using with your domain admin account:
Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Management Software service account
Check this link and the tools provided will help you find out where the lockout comes from.