Solved

account lockouts

Posted on 2010-11-12
7
923 Views
Last Modified: 2012-05-10
I am current logged into a machine.  AD is now 2008 R2.  whaen I change my password I now get locked out because I am still logged in somewhere.  How do I find out where I am logged into,  I've used the Built in event ids in eventcomb and have added 4625 and 4771, it finds pad passwords though I dont have an ip from where it is locking me out.  Help! Its driving me nuts.  I also use lockoutstatus.exe so I know which dc its authenticating with
0
Comment
Question by:malcatt
7 Comments
 
LVL 27

Accepted Solution

by:
KenMcF earned 250 total points
ID: 34124968
0
 
LVL 27

Expert Comment

by:KenMcF
ID: 34124975
0
 
LVL 13

Assisted Solution

by:markusdamenous
markusdamenous earned 125 total points
ID: 34124991
Do you have your username configured on a service within the domain somewhere.  If you haven't changed your password on the service that it using the old one, it could be a source for lockouts.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 27

Assisted Solution

by:KenMcF
KenMcF earned 250 total points
ID: 34125063
Didnt notice before but trysearching onanotherevent ID.
User account lockout should be 4740, this may give you more info.

http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4740
0
 
LVL 11

Assisted Solution

by:Renato Montenegro Rustice
Renato Montenegro Rustice earned 125 total points
ID: 34125229
Another think that might cause that is if you have mapped shared folder or printers using saved credentials that are now invalid. For example, you might have a workstation that is not part of the domain but has some saved connections to network drives.
0
 
LVL 24

Expert Comment

by:Awinish
ID: 34130879
Here is a very good tool,which helps.

http://www.netwrix.com/account_lockout_examiner.html
0
 

Author Comment

by:malcatt
ID: 34133658
Thanks everyone, have tried all these approaches and still not having much success.  With eventcomb I use the built in Account lock out search then I converted all the event IDs to 2008.

Came up with 4768, 4771, 4740 (which you suggested) 4776, and 4625.  I have also used the Alockout tools which I have used in the past, still no go, embarassing :)

Looked for services and mapped drives, which are great suggestions because I know lately just for testing that I have tied it for a service though I thought just for testing, then I've taken it back out.

Will continue looking thanks again
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question