account lockouts

I am current logged into a machine.  AD is now 2008 R2.  whaen I change my password I now get locked out because I am still logged in somewhere.  How do I find out where I am logged into,  I've used the Built in event ids in eventcomb and have added 4625 and 4771, it finds pad passwords though I dont have an ip from where it is locking me out.  Help! Its driving me nuts.  I also use lockoutstatus.exe so I know which dc its authenticating with
malcattAsked:
Who is Participating?
 
KenMcFCommented:
0
 
Mark DamenERP System ManagerCommented:
Do you have your username configured on a service within the domain somewhere.  If you haven't changed your password on the service that it using the old one, it could be a source for lockouts.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
KenMcFCommented:
Didnt notice before but trysearching onanotherevent ID.
User account lockout should be 4740, this may give you more info.

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4740
0
 
Renato Montenegro RusticiIT SpecialistCommented:
Another think that might cause that is if you have mapped shared folder or printers using saved credentials that are now invalid. For example, you might have a workstation that is not part of the domain but has some saved connections to network drives.
0
 
AwinishCommented:
Here is a very good tool,which helps.

http://www.netwrix.com/account_lockout_examiner.html
0
 
malcattAuthor Commented:
Thanks everyone, have tried all these approaches and still not having much success.  With eventcomb I use the built in Account lock out search then I converted all the event IDs to 2008.

Came up with 4768, 4771, 4740 (which you suggested) 4776, and 4625.  I have also used the Alockout tools which I have used in the past, still no go, embarassing :)

Looked for services and mapped drives, which are great suggestions because I know lately just for testing that I have tied it for a service though I thought just for testing, then I've taken it back out.

Will continue looking thanks again
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.