Solved

Account locking source

Posted on 2010-09-13
Last Modified: 2012-06-27
I have a separate domain admin account that I use for admin functions, and since the last time I changed the password on it, it continually gets locked out. I'm sure this is because I am logged in to a server somewhere, but I can't figure out where it is. Is there any tool that I can use to see which computer the old credentials are coming from?
Question by:brandenb
9 Comments
 
LVL 13

Expert Comment

by:George Sas
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Check this link and the tools provided will help you find out where the lockout comes from.
0
 

Author Comment

by:brandenb
I already use the lockout status tool, which is great for unlocking the account, and it tells me which DC the account was originally locked from, but I don't see anywhere where it tells me which computer the lockout came from. I also added the DLL for the extra information on the AD info screen, and while it is nice, it doesn't tell me what I want to know either.
0
 
LVL 70

Expert Comment

by:KCTS
It could be that you have a service or scheduled task set to use the old password (which is why MS recommends NEVER using a user account for these). Check these and the event logs.
0
 

Author Comment

by:brandenb
Pretty sure I don't - I know what you are talking about, but we don't use user accounts for services or tasks.
0
 
LVL 70

Expert Comment

by:KCTS
Stored credentials for a shared drive or printer?
0
 
LVL 13

Expert Comment

by:George Sas
Tried to filter the event log for failed authentication?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
Check out some of these additional troubleshooting steps:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
The trace they talk about can help, using something like netmon or Wireshark.
Thanks
Mike
0
 
LVL 13

Expert Comment

by:George Sas
You can also enable more extensive logging:
http://technet.microsoft.com/en-us/library/cc773155%28WS.10%29.aspx

or use LockoutStatus.exe and set NetLogon logging on the account.
0
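Netlogon debug logging, suggested in the comment above, records the computer each failed logon came from. The following is an added example, not part of the original thread: it tallies wrong-password and locked-out results per source computer for one account. The log lines, domain, account and computer names are constructed, and the line layout assumed is the usual `SamLogon: ... logon of DOMAIN\user from COMPUTER Returns 0x...` form.

```python
import re
from collections import Counter

# Constructed sample of netlogon.log lines from a DC with debug logging on.
# Domain, account and computer names are made up for illustration.
SAMPLE_LOG = """\
09/13 10:15:22 [LOGON] SamLogon: Network logon of CONTOSO\\adm-jdoe from APPSRV07 Entered
09/13 10:15:22 [LOGON] SamLogon: Network logon of CONTOSO\\adm-jdoe from APPSRV07 Returns 0xC000006A
09/13 10:15:40 [LOGON] SamLogon: Transitive Network logon of CONTOSO\\adm-jdoe from APPSRV07 (via FILESRV02) Returns 0xC000006A
09/13 10:16:01 [LOGON] SamLogon: Network logon of CONTOSO\\jsmith from WKS114 Returns 0x0
09/13 10:16:05 [LOGON] SamLogon: Network logon of CONTOSO\\adm-jdoe from APPSRV07 Returns 0xC0000234
09/13 10:17:12 [LOGON] SamLogon: Network logon of CONTOSO\\adm-jdoe from WKS022 Returns 0xC000006A
"""

# NTSTATUS codes that matter when chasing a lockout
STATUS = {0xC000006A: "wrong password", 0xC0000234: "account locked out"}

# Only "Returns" lines carry a result; "Entered" lines are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\].*?SamLogon: .*?logon of "
    r"(?P<dom>[^\\\s]*)\\(?P<user>\S+) from (?P<src>\S+)"
    r"(?: \(via (?P<via>[^)]+)\))? Returns (?P<status>0x[0-9A-Fa-f]+)$"
)

def lockout_sources(log_text, account):
    """Count failed logons for `account`, keyed by (source computer, reason)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["user"].lower() != account.lower():
            continue
        reason = STATUS.get(int(m["status"], 16))
        if reason:  # ignore successes and unrelated status codes
            hits[(m["src"].upper(), reason)] += 1
    return hits

if __name__ == "__main__":
    # Most frequent source first: that machine holds the stale credential.
    for (src, reason), n in lockout_sources(SAMPLE_LOG, "adm-jdoe").most_common():
        print(f"{src:<12} {reason:<20} {n}")
```

To use it on real data, pass the contents of the DC's netlogon.log in place of `SAMPLE_LOG`.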
 
LVL 1

Expert Comment

by:WeirdFishes
A few ideas on service accounts you might not have thought you are using with your domain admin account.

Backup service account
Imaging Service account
SQL service account
LAN/WAN Monitoring service account
Task Schedule accounts
Shared Drive / Printer account
Asset Management Software service account
0
