Solved

Windows 2003 AD and ADC/Most of the user accounts are  keeps being locked out randomly.

Posted on 2011-03-15
3
268 Views
Last Modified: 2012-05-11
I have a  Windows 2003 AD and ADC.Most of the user accounts are  keeps being locked out randomly.
I found con-flicker virus on the network . I believe may be because of this or   any service / application that is trying to automatically authenticate against Active Directory with user accounst.

What will be the best way to find out where the service / application /computer/virus is running that is  trying to authenticate with my account; since its a network with 500 users.

We are using forefront client security as antivirus.
Regards
Jenu Rai

Thank you
0
Comment
Question by:emtechadmin
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35140614
You can start with the steps here  

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

That will give you a link to the account troubleshooting tools

In this case you have already have the culprit though (Conficker)  When there are random unexplained lockouts in mass it is almost always conficker (at least for the last few years)

Keep doing your best to get rid of that.

Thanks

Mike
0
 
LVL 11

Accepted Solution

by:
RickSheikh earned 500 total points
ID: 35141296
And if your goal is to enumerate all the services you have running on all your servers and see where an account might be configured with your account instead.

One way you can accomplish this is via a PowerShell script using the WMI - that startname property tells you what account a service is configured with.

 C:\PS>get-service -name winrm -computername localhost, Server01, Server02  | format-table -property MachineName, Status, Startname, Name, DisplayName -auto

You would probably want to pass the server list as in get-service (gc servers.txt) .........

0
 
LVL 1

Author Closing Comment

by:emtechadmin
ID: 35736943
Partially supported
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now