asked on

account lockouts

I am current logged into a machine. AD is now 2008 R2. whaen I change my password I now get locked out because I am still logged in somewhere. How do I find out where I am logged into, I've used the Built in event ids in eventcomb and have added 4625 and 4771, it finds pad passwords though I dont have an ip from where it is locking me out. Help! Its driving me nuts. I also use lockoutstatus.exe so I know which dc its authenticating with

ASKER CERTIFIED SOLUTION

KenMcF

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

KenMcF

And do you have auditing enabled.
http://technet.microsoft.com/en-us/library/cc747507(WS.10).aspx

SOLUTION

Mark Damen

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

KenMcF

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

Renato Montenegro Rustici

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Awinish

Here is a very good tool,which helps.

http://www.netwrix.com/account_lockout_examiner.html

malcatt

ASKER

Thanks everyone, have tried all these approaches and still not having much success. With eventcomb I use the built in Account lock out search then I converted all the event IDs to 2008.

Came up with 4768, 4771, 4740 (which you suggested) 4776, and 4625. I have also used the Alockout tools which I have used in the past, still no go, embarassing :)

Looked for services and mapped drives, which are great suggestions because I know lately just for testing that I have tied it for a service though I thought just for testing, then I've taken it back out.

Will continue looking thanks again