Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1223
  • Last Modified:

Many domain admin account is locked automaticly in my Active Directory

Hi,

I have many domain controller and RODC in WINDOWS 2008 SP2.

I have many administrator account loocked and i am not able to find the root cause.

When i connect to the server, i and after i enter my password, i have this message:

"the referenced account is currently locked out and may not be logged on to"

Other administrator have the same issue.

After 10-20 minutes, the account is unlocked automaticly.

Thanks for your help
0
cawasaki
Asked:
cawasaki
  • 5
  • 4
1 Solution
 
cawasakiAuthor Commented:
Hi,

i have used  Account Lockout Status (LockoutStatus.exe) and i see many administrator account with bad password count=3 in the DDC server who host FSMO role.

Any suggestion?
0
 
AwinishCommented:
A/c lockout can be with many reason & there can be conficker worms too which mainly target admin accounts.

http://www.sophos.com/products/free-tools/conficker-removal-tool.html
There can be password guess on the account & you can use netwrix tool to detect.
0
Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

 
cawasakiAuthor Commented:
I have Symmantec SEP 11 in all my server and i have 0 detect!
0
 
AwinishCommented:
There can be many reason as i said,mapped drive or service account & its password has been changed, virus attack, if all the domain & admin account facing the issue it can be surely conficker.

Try to cut down the issue,use netwrix tool which helps actually.
0
 
cawasakiAuthor Commented:
its possible to find IP of computer try to use administrator account?
0
 
AwinishCommented:
You have to use netwrix or event log from security log to check which computer that admin account is being used.

Use below method to troubleshoot account lockout tool.
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
http://www.netwrix.com/account_lockout_examiner.html

Sometime i have seen SEPM is not able to detect Conficker,try to use Mcafee,SOPHOS or trend micro.
0
 
cawasakiAuthor Commented:
I have activated a debug log to netlogon, il will report if i see anything
0
 
cawasakiAuthor Commented:
ok, i found a computer XP SP3 whot test to connect in all my admin users and lock all my admin account.

I check if it have a virus....
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now