Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Account locking source

Posted on 2010-09-13
9
Medium Priority
?
301 Views
Last Modified: 2012-06-27
I have a separate domain admin account that I use for admin functions, and since the last time I changed the password on it, it continually gets locked out.  I'm sure this is because I am logged in to a server somewhere, but I can't figure out where it is.  Is there any tool that I can use to see from which computer the old credentials are coming from?
0
Comment
Question by:brandenb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 13

Expert Comment

by:George Sas
ID: 33666155
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Check this link and the tools provided will help you find out where the lockout comes from.
0
 

Author Comment

by:brandenb
ID: 33666222
I already use the lockout status tool, which is great for unlocking the account, and it tells me from which DC the account was originally locked from, but I don't see anywhere where it tells me which computer the lockout came from.  I also added the dll for the extra information on the AD info screen, and while it is nice, it doesn't tell me what I want to know either.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33666285
It could be that you have a service or scheduled task set to use the old password (which is why MS recommend NEVER using a user account for these) - Check these and the event logs
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:brandenb
ID: 33666299
Pretty sure I don't - I know what you are talking about, but we don't use user accounts for services or tasks.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 33666322
- stored credentials for a shared drive or printer ?
0
 
LVL 13

Expert Comment

by:George Sas
ID: 33666335
Tried to filter event log for failed authentication ?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 33666513
Check out some of these additonal troubleshooting steps
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
The trace they talk about can help.  Using something like netmon or wireshark.
Thanks
Mike
0
 
LVL 13

Expert Comment

by:George Sas
ID: 33666561
You can also enable a more extensive logging :
http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx

or use LockoutStatus.exe and set NetLogon logging on the account.
0
 
LVL 1

Expert Comment

by:WeirdFishes
ID: 33668361
a few ideas on service accounts you might have not thought you are using with your domain admin account.

Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Managment Software service account
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question