Solved

Many domain admin accounts are locked automatically in my Active Directory

Posted on 2010-11-30
Last Modified: 2012-05-10
Hi,

I have many domain controllers and RODCs on Windows 2008 SP2.

I have many administrator accounts locked and I am not able to find the root cause.

When I connect to the server, after I enter my password, I get this message:

"the referenced account is currently locked out and may not be logged on to"

Other administrators have the same issue.

After 10-20 minutes, the account is unlocked automatically.

Thanks for your help
Question by:cawasaki
9 Comments
 

Author Comment

by:cawasaki
ID: 34237726
Hi,

I have used Account Lockout Status (LockoutStatus.exe) and I see many administrator accounts with bad password count=3 on the DDC server that hosts the FSMO role.

Any suggestion?
 
LVL 24

Expert Comment

by:Awinish
ID: 34237732
A/c lockout can have many reasons & there can be Conficker worms too, which mainly target admin accounts.

http://www.sophos.com/products/free-tools/conficker-removal-tool.html
There can be password guessing on the account & you can use the Netwrix tool to detect it.

Author Comment

by:cawasaki
ID: 34237751
I have Symantec SEP 11 on all my servers and I have 0 detections!
 
LVL 24

Expert Comment

by:Awinish
ID: 34237766
There can be many reasons, as I said: a mapped drive or service account & its password has been changed, a virus attack; if all the domain & admin accounts are facing the issue, it can surely be Conficker.

Try to narrow down the issue; use the Netwrix tool, which actually helps.
 

Author Comment

by:cawasaki
ID: 34237778
Is it possible to find the IP of the computer trying to use the administrator account?
 
LVL 24

Accepted Solution

by:
Awinish earned 2000 total points
ID: 34237801
You have to use Netwrix or the event log (the Security log) to check on which computer that admin account is being used.

Use the methods below to troubleshoot account lockout:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
http://www.netwrix.com/account_lockout_examiner.html

Sometimes I have seen that SEPM is not able to detect Conficker; try to use McAfee, Sophos or Trend Micro.
 

Author Comment

by:cawasaki
ID: 34237865
I have activated debug logging for Netlogon; I will report if I see anything.
 

Author Comment

by:cawasaki
ID: 34238650
OK, I found an XP SP3 computer which tries to connect with all my admin users and locks all my admin accounts.

I check if it has a virus....
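
The Netlogon debug log used in this thread records which computer each failing logon came from. As an added example (not part of the original thread), this Python sketch groups bad-password (0xC000006A) and locked-out (0xC0000234) results by source computer and reports any source that fails against several accounts; the log line layout, the sample lines and the names CORP, WKS-XP01, FS01 and LAPTOP-07 are constructed assumptions.

```python
import re
from collections import defaultdict

# NTSTATUS results relevant to lockout triage.
STATUS = {0xC000006A: "wrong password", 0xC0000234: "account locked out"}

# Assumed netlogon.log line layout with debug logging enabled; the optional
# "[1234] " thread id is tolerated because some Windows versions emit it.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] (?:\[\d+\] )?"
    r"(?P<dom>[^:]+): SamLogon: .*?logon of (?P<user>\S+) "
    r"from (?P<src>\S*) .*Returns (?P<code>0x[0-9A-Fa-f]+)\s*$"
)

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = r"""
11/30 10:15:01 [LOGON] CORP: SamLogon: Transitive Network logon of CORP\adm-alice from WKS-XP01 (via FS01) Entered
11/30 10:15:01 [LOGON] CORP: SamLogon: Transitive Network logon of CORP\adm-alice from WKS-XP01 (via FS01) Returns 0xC000006A
11/30 10:15:02 [LOGON] CORP: SamLogon: Transitive Network logon of CORP\adm-bob from WKS-XP01 (via FS01) Returns 0xC000006A
11/30 10:15:03 [LOGON] CORP: SamLogon: Transitive Network logon of CORP\adm-carol from WKS-XP01 (via FS01) Returns 0xC0000234
11/30 10:16:40 [LOGON] CORP: SamLogon: Network logon of CORP\adm-bob from LAPTOP-07 Returns 0xC000006A
11/30 10:17:12 [LOGON] CORP: SamLogon: Network logon of CORP\jdoe from LAPTOP-07 Returns 0x0
""".strip().splitlines()


def failed_logons(lines):
    """Yield (timestamp, account, source, reason) for bad-password/lockout results."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "Entered" lines and unrelated entries carry no result code
        reason = STATUS.get(int(m["code"], 16))
        if reason:
            yield m["ts"], m["user"].lower(), m["src"].upper() or "(unknown)", reason


def sources_hitting_many_accounts(lines, min_accounts=3):
    """Return {source: [accounts]} for sources failing against >= min_accounts accounts."""
    seen = defaultdict(set)
    for _ts, user, src, _reason in failed_logons(lines):
        seen[src].add(user)
    return {s: sorted(u) for s, u in seen.items() if len(u) >= min_accounts}


if __name__ == "__main__":
    for src, users in sources_hitting_many_accounts(SAMPLE_LOG).items():
        print(f"{src}: failed logons against {len(users)} accounts: {', '.join(users)}")
```

A single source failing against many administrator accounts in a short window, as with WKS-XP01 in the sample, is the pattern to look for before isolating and scanning that machine.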
Question has a verified solution.