Solved

How to tell what is locking an account out

Posted on 2011-02-14
Last Modified: 2012-06-21
I have a service account that runs scheduled tasks and services. It is being locked out every Saturday at 11 PM, but I don't know what is locking it out. I'm needing to know what machine/IP the invalid attempts are coming from. I know Microsoft has the Account Lockout & Management tools, but I'm running Active Directory on Server 2008. Will these tools still work? If so, how do I put them in place? Is there a better option out there?
0
Question by:jdouthit
7 Comments
 
LVL 7

Accepted Solution

by:
Cuteadder earned 500 total points
ID: 34888375
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

EventComb will scan all your domain controllers and tell you what computer and what type of event...
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34888385
Those tools should still work... haven't put them on a 2008 box myself. A network trace can also help in these situations (netmon or Wireshark).

Not sure if you have seen this blog, but it is a good overview: http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx?wa=wsignin1.0

Thanks

Mike
0
 

Author Comment

by:jdouthit
ID: 34888395
What criteria should I be entering in EventComb to search for the failed attempts? I don't know what Event ID this would produce.
0

 
LVL 7

Expert Comment

by:Cuteadder
ID: 34888412
There's a preset for looking for locked out accounts and the events around it...

Do that and post the results.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34888429
0
 

Author Comment

by:jdouthit
ID: 34888855
I used the preset search for locked accounts in EventComb, but it didn't find anything. The account was locked out on 2-12-11. Our event logs fill up so fast we usually only have items for the last 4-6 hours on a business day.
0
 
LVL 7

Expert Comment

by:Cuteadder
ID: 34889512
Unlock the account, and next time it locks out, jump on the issue.
0
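
An added example, not part of the thread or of Microsoft's lockout tools: on Server 2008 and later, an account lockout is recorded in the Security log as event ID 4740, and its "Caller Computer Name" field names the machine the bad attempts came through. The script below pulls recent 4740 events for one account from every domain controller. It assumes user account management auditing is enabled on the DCs; the account name `svc-tasks` and the four-hour window are placeholders.

```powershell
# Added example (not from the thread). Find which machine caused a lockout by
# reading event 4740 from the Security log of every domain controller.
# Assumptions: 'svc-tasks' is a placeholder account name; the caller has
# rights to read the Security log remotely on each DC.
param(
    [string]$Account   = 'svc-tasks',  # placeholder service account
    [int]   $HoursBack = 4             # stay inside the log retention window
)

# Enumerate DCs through .NET so the ActiveDirectory module is not required.
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$since  = (Get-Date).AddHours(-$HoursBack)

$results = foreach ($dc in $domain.DomainControllers) {
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = $since }
    try {
        $events = Get-WinEvent -ComputerName $dc.Name -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent also raises an error when no events match; report and move on.
        Write-Warning "$($dc.Name): $($_.Exception.Message)"
        continue
    }

    foreach ($e in $events) {
        # Read EventData fields by name rather than by position.
        $data = @{}
        ([xml]$e.ToXml()).Event.EventData.Data |
            ForEach-Object { $data[$_.Name] = $_.'#text' }

        if ($data['TargetUserName'] -ne $Account) { continue }

        New-Object PSObject -Property @{
            TimeCreated      = $e.TimeCreated
            DomainController = $dc.Name
            Account          = $data['TargetUserName']
            # In event 4740 the TargetDomainName field holds "Caller Computer Name".
            CallerComputer   = $data['TargetDomainName']
        }
    }
}

$results | Sort-Object TimeCreated |
    Format-Table TimeCreated, DomainController, Account, CallerComputer -AutoSize
```

With the Security log rolling over in 4-6 hours and the lockout recurring Saturday at 11 PM, the script has to run shortly after that time to catch the event before it is overwritten.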
