Account locking source

I have a separate domain admin account that I use for admin functions, and since the last time I changed the password on it, it continually gets locked out.  I'm sure this is because I am logged in to a server somewhere, but I can't figure out where it is.  Is there any tool that I can use to see from which computer the old credentials are coming from?
brandenbAsked:
Who is Participating?
 
Mike KlineConnect With a Mentor Commented:
Check out some of these additonal troubleshooting steps
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
The trace they talk about can help.  Using something like netmon or wireshark.
Thanks
Mike
0
 
George SasIT EngineerCommented:
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Check this link and the tools provided will help you find out where the lockout comes from.
0
 
brandenbAuthor Commented:
I already use the lockout status tool, which is great for unlocking the account, and it tells me from which DC the account was originally locked from, but I don't see anywhere where it tells me which computer the lockout came from.  I also added the dll for the extra information on the AD info screen, and while it is nice, it doesn't tell me what I want to know either.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
KCTSCommented:
It could be that you have a service or scheduled task set to use the old password (which is why MS recommend NEVER using a user account for these) - Check these and the event logs
0
 
brandenbAuthor Commented:
Pretty sure I don't - I know what you are talking about, but we don't use user accounts for services or tasks.
0
 
KCTSCommented:
- stored credentials for a shared drive or printer ?
0
 
George SasIT EngineerCommented:
Tried to filter event log for failed authentication ?
0
 
George SasIT EngineerCommented:
You can also enable a more extensive logging :
http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx

or use LockoutStatus.exe and set NetLogon logging on the account.
0
 
WeirdFishesCommented:
a few ideas on service accounts you might have not thought you are using with your domain admin account.

Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Managment Software service account
0
All Courses

From novice to tech pro — start learning today.