Solved

account lockouts

Posted on 2010-11-12
Last Modified: 2012-05-10
I am currently logged into a machine. AD is now 2008 R2. When I change my password I now get locked out because I am still logged in somewhere. How do I find out where I am logged in? I've used the built-in event IDs in eventcomb and have added 4625 and 4771. It finds bad passwords, though I don't have an IP from where it is locking me out. Help! It's driving me nuts. I also use lockoutstatus.exe so I know which DC it's authenticating with.
0
Comment
Question by:malcatt
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 1000 total points
ID: 34124968
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34124975
0
 
LVL 13

Assisted Solution

by:markusdamenous
markusdamenous earned 500 total points
ID: 34124991
Do you have your username configured on a service within the domain somewhere? If you haven't changed your password on the service that is using the old one, it could be a source for lockouts.
0

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 1000 total points
ID: 34125063
Didn't notice before, but try searching on another event ID.
User account lockout should be 4740, this may give you more info.

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4740
0
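
An added example, not part of the original thread: one way to pull the lockout source out of the event IDs discussed here (4740, 4771, 4776, 4625), run against the DC that lockoutstatus.exe reports. The account name, DC name and time window are placeholders, and the script assumes rights to read that DC's Security log.

```powershell
# Added example. $User, $DC and $Hours are placeholders; point $DC at the
# domain controller that lockoutstatus.exe shows as handling the lockout.
param(
    [string]$User  = 'jdoe',
    [string]$DC    = $env:COMPUTERNAME,
    [int]   $Hours = 24
)

# Event ID -> EventData field that identifies where the attempt came from.
$SourceField = @{
    4740 = 'TargetDomainName'  # lockout: the "Caller Computer Name" is stored in this field
    4771 = 'IpAddress'         # Kerberos pre-authentication failed
    4776 = 'Workstation'       # NTLM credential validation
    4625 = 'IpAddress'         # failed logon
}

$filter = @{
    LogName   = 'Security'
    Id        = [int[]]$SourceField.Keys
    StartTime = (Get-Date).AddHours(-$Hours)
}

# SilentlyContinue suppresses the "no events found" error; remove it when
# troubleshooting access problems, since it hides those as well.
Get-WinEvent -ComputerName $DC -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named EventData fields from the event XML.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        # Keep only events for the account being investigated.
        if ($data['TargetUserName'] -ne $User) { return }

        [pscustomobject]@{
            Time    = $_.TimeCreated
            EventId = $_.Id
            Source  = $data[$SourceField[$_.Id]]
            Status  = $data['Status']   # failure code; empty for 4740
        }
    } |
    Sort-Object Time |
    Format-Table -AutoSize
```

The machine named in the 4740 row is the place to look next for services, mapped drives or saved credentials still using the old password.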
 
LVL 11

Assisted Solution

by:Renato Montenegro Rustici
Renato Montenegro Rustici earned 500 total points
ID: 34125229
Another thing that might cause that is if you have mapped shared folders or printers using saved credentials that are now invalid. For example, you might have a workstation that is not part of the domain but has some saved connections to network drives.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34130879
Here is a very good tool, which helps.

http://www.netwrix.com/account_lockout_examiner.html
0
 

Author Comment

by:malcatt
ID: 34133658
Thanks everyone, have tried all these approaches and still not having much success.  With eventcomb I use the built in Account lock out search then I converted all the event IDs to 2008.

Came up with 4768, 4771, 4740 (which you suggested), 4776, and 4625.  I have also used the Alockout tools which I have used in the past, still no go, embarrassing :)

Looked for services and mapped drives, which are great suggestions because I know lately just for testing that I have tied it for a service though I thought just for testing, then I've taken it back out.

Will continue looking thanks again
0

Question has a verified solution.
