Solved

account lockouts

Posted on 2010-11-12
7
920 Views
Last Modified: 2012-05-10
I am current logged into a machine.  AD is now 2008 R2.  whaen I change my password I now get locked out because I am still logged in somewhere.  How do I find out where I am logged into,  I've used the Built in event ids in eventcomb and have added 4625 and 4771, it finds pad passwords though I dont have an ip from where it is locking me out.  Help! Its driving me nuts.  I also use lockoutstatus.exe so I know which dc its authenticating with
0
Comment
Question by:malcatt
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 250 total points
ID: 34124968
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34124975
0
 
LVL 13

Assisted Solution

by:markusdamenous
markusdamenous earned 125 total points
ID: 34124991
Do you have your username configured on a service within the domain somewhere.  If you haven't changed your password on the service that it using the old one, it could be a source for lockouts.
0
 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34125063
Didnt notice before but trysearching onanotherevent ID.
User account lockout should be 4740, this may give you more info.

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4740
0
 
LVL 11

Assisted Solution

by:Renato Montenegro Rustice
Renato Montenegro Rustice earned 125 total points
ID: 34125229
Another think that might cause that is if you have mapped shared folder or printers using saved credentials that are now invalid. For example, you might have a workstation that is not part of the domain but has some saved connections to network drives.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34130879
Here is a very good tool,which helps.

http://www.netwrix.com/account_lockout_examiner.html
0
 

Author Comment

by:malcatt
ID: 34133658
Thanks everyone, have tried all these approaches and still not having much success.  With eventcomb I use the built in Account lock out search then I converted all the event IDs to 2008.

Came up with 4768, 4771, 4740 (which you suggested) 4776, and 4625.  I have also used the Alockout tools which I have used in the past, still no go, embarassing :)

Looked for services and mapped drives, which are great suggestions because I know lately just for testing that I have tied it for a service though I thought just for testing, then I've taken it back out.

Will continue looking thanks again
0

Join & Write a Comment

The saying goes a bad carpenter blames his tools. In the Directory Services world a bad system administrator, well, even with the best tools they’re probably not going to become an all star.  However for the system admin who is willing to spend a li…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now