Solved

Windows 2003 AD and ADC/Most of the user accounts are  keeps being locked out randomly.

Posted on 2011-03-15
3
270 Views
Last Modified: 2012-05-11
I have a  Windows 2003 AD and ADC.Most of the user accounts are  keeps being locked out randomly.
I found con-flicker virus on the network . I believe may be because of this or   any service / application that is trying to automatically authenticate against Active Directory with user accounst.

What will be the best way to find out where the service / application /computer/virus is running that is  trying to authenticate with my account; since its a network with 500 users.

We are using forefront client security as antivirus.
Regards
Jenu Rai

Thank you
0
Comment
Question by:emtechadmin
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35140614
You can start with the steps here  

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

That will give you a link to the account troubleshooting tools

In this case you have already have the culprit though (Conficker)  When there are random unexplained lockouts in mass it is almost always conficker (at least for the last few years)

Keep doing your best to get rid of that.

Thanks

Mike
0
 
LVL 11

Accepted Solution

by:
RickSheikh earned 500 total points
ID: 35141296
And if your goal is to enumerate all the services you have running on all your servers and see where an account might be configured with your account instead.

One way you can accomplish this is via a PowerShell script using the WMI - that startname property tells you what account a service is configured with.

 C:\PS>get-service -name winrm -computername localhost, Server01, Server02  | format-table -property MachineName, Status, Startname, Name, DisplayName -auto

You would probably want to pass the server list as in get-service (gc servers.txt) .........

0
 
LVL 1

Author Closing Comment

by:emtechadmin
ID: 35736943
Partially supported
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question