Solved

Windows 2003 AD and ADC/Most of the user accounts are  keeps being locked out randomly.

Posted on 2011-03-15
3
272 Views
Last Modified: 2012-05-11
I have a  Windows 2003 AD and ADC.Most of the user accounts are  keeps being locked out randomly.
I found con-flicker virus on the network . I believe may be because of this or   any service / application that is trying to automatically authenticate against Active Directory with user accounst.

What will be the best way to find out where the service / application /computer/virus is running that is  trying to authenticate with my account; since its a network with 500 users.

We are using forefront client security as antivirus.
Regards
Jenu Rai

Thank you
0
Comment
Question by:emtechadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 35140614
You can start with the steps here  

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

That will give you a link to the account troubleshooting tools

In this case you have already have the culprit though (Conficker)  When there are random unexplained lockouts in mass it is almost always conficker (at least for the last few years)

Keep doing your best to get rid of that.

Thanks

Mike
0
 
LVL 11

Accepted Solution

by:
RickSheikh earned 500 total points
ID: 35141296
And if your goal is to enumerate all the services you have running on all your servers and see where an account might be configured with your account instead.

One way you can accomplish this is via a PowerShell script using the WMI - that startname property tells you what account a service is configured with.

 C:\PS>get-service -name winrm -computername localhost, Server01, Server02  | format-table -property MachineName, Status, Startname, Name, DisplayName -auto

You would probably want to pass the server list as in get-service (gc servers.txt) .........

0
 
LVL 1

Author Closing Comment

by:emtechadmin
ID: 35736943
Partially supported
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question