Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.
Course Of The Month
7 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Account locking source
Posted on 2010-09-13
I have a separate domain admin account that I use for admin functions, and since the last time I changed the password on it, it continually gets locked out. I'm sure this is because I am logged in to a server somewhere, but I can't figure out where it is. Is there any tool that I can use to see from which computer the old credentials are coming from?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
2-
2
- +2
9 Comments
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
Check this link and the tools provided will help you find out where the lockout comes from.
Check this link and the tools provided will help you find out where the lockout comes from.
I already use the lockout status tool, which is great for unlocking the account, and it tells me from which DC the account was originally locked from, but I don't see anywhere where it tells me which computer the lockout came from. I also added the dll for the extra information on the AD info screen, and while it is nice, it doesn't tell me what I want to know either.
It could be that you have a service or scheduled task set to use the old password (which is why MS recommend NEVER using a user account for these) - Check these and the event logs
Pretty sure I don't - I know what you are talking about, but we don't use user accounts for services or tasks.
Check out some of these additonal troubleshooting steps
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
The trace they talk about can help. Using something like netmon or wireshark.
Thanks
Mike
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
The trace they talk about can help. Using something like netmon or wireshark.
Thanks
Mike
You can also enable a more extensive logging :
http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx
or use LockoutStatus.exe and set NetLogon logging on the account.
http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx
or use LockoutStatus.exe and set NetLogon logging on the account.
a few ideas on service accounts you might have not thought you are using with your domain admin account.
Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Managment Software service account
Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Managment Software service account
Featured Post
Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory.
If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Let's recap what we learned from yesterday's Skyport Systems webinar.
- Ransomware
- Experts Exchange
- Skyport Systems
- Active Directory
- Security
- *privileged credentials
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month7 days, 15 hours left to enroll
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.