Solved

How to tell what is locking an account out

Posted on 2011-02-14
Last Modified: 2012-06-21
I have a service account that runs scheduled tasks and services. It is being locked out every Saturday at 11 PM, but I don't know what is locking it out. I'm needing to know what machine/IP the invalid attempts are coming from. I know Microsoft has the Account Lockout & Management tools, but I'm running Active Directory on Server 2008. Will these tools still work? If so, how do I put them in place? Is there a better option out there?
Question by:jdouthit
7 Comments
 
LVL 7

Accepted Solution

by:
Cuteadder earned 500 total points
ID: 34888375
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

EventComb will scan all your domain controllers and tell you what computer and what type of event...
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34888385
Those tools should still work... haven't put them on a 2008 box myself. A network trace can also help in these situations (netmon or wireshark).

Not sure if you have seen this blog, but it is a good overview: http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx?wa=wsignin1.0

Thanks

Mike
0
 

Author Comment

by:jdouthit
ID: 34888395
What criteria should I be entering in EventComb to search for the failed attempts? I don't know what Event ID this would produce.
0
 
LVL 7

Expert Comment

by:Cuteadder
ID: 34888412
There's a preset for looking for locked out accounts and the events around it...

Do that and post the results.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34888429
0
 

Author Comment

by:jdouthit
ID: 34888855
I used the preset search for locked accounts in EventComb, but it didn't find anything. The account was locked out on 2-12-11. Our event logs fill up so fast we usually only have items for the last 4-6 hours on a business day.
0
 
LVL 7

Expert Comment

by:Cuteadder
ID: 34889512
Unlock the account, and next time it locks out, jump on the issue.
0
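A PowerShell way to run the search discussed in this thread on Server 2008, as an added example that is not from any of the posters: event ID 4740 ("A user account was locked out") is written to a domain controller's Security log and records the caller computer name. The account name `svc-example` and the 6-hour look-back are assumptions; the script must run under an account allowed to read the DCs' Security logs.

```powershell
# Added example, not from the thread. Assumed values are marked below.
$Account   = 'svc-example'             # hypothetical service account name
$StartTime = (Get-Date).AddHours(-6)   # assumed window; the thread reports 4-6 h of log retention

# Enumerate domain controllers through .NET, so the AD module is not required.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$dcs    = $domain.DomainControllers | ForEach-Object { $_.Name }

$results = foreach ($dc in $dcs) {
    try {
        # 4740 = "A user account was locked out" (Security log, Server 2008 and later)
        $events = Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName   = 'Security'
            Id        = 4740
            StartTime = $StartTime
        }
    } catch {
        # Raised when the DC is unreachable or has no matching events in the window
        Write-Warning "${dc}: $($_.Exception.Message)"
        continue
    }

    foreach ($e in $events) {
        # Read the named EventData fields instead of relying on positional indexes
        $data = @{}
        ([xml]$e.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }

        if ($data['TargetUserName'] -ieq $Account) {
            New-Object PSObject -Property @{
                TimeCreated    = $e.TimeCreated
                ReportingDC    = $dc
                LockedAccount  = $data['TargetUserName']
                # In event 4740 the TargetDomainName field carries the caller computer name
                CallerComputer = $data['TargetDomainName']
            }
        }
    }
}

$results | Sort-Object TimeCreated |
    Select-Object TimeCreated, ReportingDC, LockedAccount, CallerComputer |
    Format-Table -AutoSize
```

Because the thread reports the Security log rolling over within hours, the query has to run soon after the lockout, for example as a scheduled task shortly after the Saturday 11 PM lockout time.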


Question has a verified solution.
