Solved

Windows 2003 AD and ADC/Most of the user accounts are  keeps being locked out randomly.

Posted on 2011-03-15
3
267 Views
Last Modified: 2012-05-11
I have a  Windows 2003 AD and ADC.Most of the user accounts are  keeps being locked out randomly.
I found con-flicker virus on the network . I believe may be because of this or   any service / application that is trying to automatically authenticate against Active Directory with user accounst.

What will be the best way to find out where the service / application /computer/virus is running that is  trying to authenticate with my account; since its a network with 500 users.

We are using forefront client security as antivirus.
Regards
Jenu Rai

Thank you
0
Comment
Question by:emtechadmin
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35140614
You can start with the steps here  

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

That will give you a link to the account troubleshooting tools

In this case you have already have the culprit though (Conficker)  When there are random unexplained lockouts in mass it is almost always conficker (at least for the last few years)

Keep doing your best to get rid of that.

Thanks

Mike
0
 
LVL 11

Accepted Solution

by:
RickSheikh earned 500 total points
ID: 35141296
And if your goal is to enumerate all the services you have running on all your servers and see where an account might be configured with your account instead.

One way you can accomplish this is via a PowerShell script using the WMI - that startname property tells you what account a service is configured with.

 C:\PS>get-service -name winrm -computername localhost, Server01, Server02  | format-table -property MachineName, Status, Startname, Name, DisplayName -auto

You would probably want to pass the server list as in get-service (gc servers.txt) .........

0
 
LVL 1

Author Closing Comment

by:emtechadmin
ID: 35736943
Partially supported
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now