?
Solved

account lockouts

Posted on 2010-11-12
7
Medium Priority
?
928 Views
Last Modified: 2012-05-10
I am current logged into a machine.  AD is now 2008 R2.  whaen I change my password I now get locked out because I am still logged in somewhere.  How do I find out where I am logged into,  I've used the Built in event ids in eventcomb and have added 4625 and 4771, it finds pad passwords though I dont have an ip from where it is locking me out.  Help! Its driving me nuts.  I also use lockoutstatus.exe so I know which dc its authenticating with
0
Comment
Question by:malcatt
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 1000 total points
ID: 34124968
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34124975
0
 
LVL 13

Assisted Solution

by:Mark Damen
Mark Damen earned 500 total points
ID: 34124991
Do you have your username configured on a service within the domain somewhere.  If you haven't changed your password on the service that it using the old one, it could be a source for lockouts.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 1000 total points
ID: 34125063
Didnt notice before but trysearching onanotherevent ID.
User account lockout should be 4740, this may give you more info.

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4740
0
 
LVL 11

Assisted Solution

by:Renato Montenegro Rustici
Renato Montenegro Rustici earned 500 total points
ID: 34125229
Another think that might cause that is if you have mapped shared folder or printers using saved credentials that are now invalid. For example, you might have a workstation that is not part of the domain but has some saved connections to network drives.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34130879
Here is a very good tool,which helps.

http://www.netwrix.com/account_lockout_examiner.html
0
 

Author Comment

by:malcatt
ID: 34133658
Thanks everyone, have tried all these approaches and still not having much success.  With eventcomb I use the built in Account lock out search then I converted all the event IDs to 2008.

Came up with 4768, 4771, 4740 (which you suggested) 4776, and 4625.  I have also used the Alockout tools which I have used in the past, still no go, embarassing :)

Looked for services and mapped drives, which are great suggestions because I know lately just for testing that I have tied it for a service though I thought just for testing, then I've taken it back out.

Will continue looking thanks again
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question