?
Solved

Random Account Lockouts

Posted on 2011-09-20
2
Medium Priority
?
565 Views
Last Modified: 2012-08-14
Not too sure how to go about this, but, my domain account on a windows 2008 active directory keeps getting locked out every few minutes.  I can't for the life of me find where logons are taking place that is locking out my account.  I've check my servers security logs on my servers that have internet facing NAT policies (Exchange, RDP server) to no avail, as well as check all my domain controllers.  No love.

As far as i know  there isn't any logging done by the domain controllers when there is an account audit failure, but I'm looking for something like that.  I'm a bit scared that this is a security breach of some sort (luckily I have a separate domain admin account!).  I would look at potential services or the like out there that might use my logon (network scanners) but it's odd that this started today - I haven't changed my password in over a month

And I do have my phone checking my mail, which I've seen make this happen, but i authenticate just fine on my phone.

Any Suggestions?
JJ
0
Comment
Question by:JamesonJendreas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 123
ID: 36570130
Download Account lockout tools that you can use to troubleshoot account lockouts, as well as add functionality to Active Directory.

These still work for Windows 2008 Domains

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465
0
 
LVL 123

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 36570143
ALTools.exe includes:


    AcctInfo.dll. Helps isolate and troubleshoot account lockouts and to change a user's password on a domain controller in that user's site. It works by adding new property pages to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).

    ALockout.dll. On the client computer, helps determine a process or application that is sending wrong credentials.

    Caution: Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.
    ALoInfo.exe. Displays all user account names and the age of their passwords.

    EnableKerbLog.vbs. Used as a startup script, allows Kerberos to log on to all your clients that run Windows 2000 and later.

    EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.

    LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs. LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes. It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.

    NLParse.exe. Used to extract and display desired entries from the Netlogon log files.

Source
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

Also check here for screenshots and use
http://trycatch.be/blogs/roggenk/archive/2008/05/08/account-lockout-tools-amp-rsat-active-directory-users-and-computers-aduc.aspx
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses
Course of the Month9 days, 14 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question