Random Account Lockouts

Not too sure how to go about this, but, my domain account on a windows 2008 active directory keeps getting locked out every few minutes.  I can't for the life of me find where logons are taking place that is locking out my account.  I've check my servers security logs on my servers that have internet facing NAT policies (Exchange, RDP server) to no avail, as well as check all my domain controllers.  No love.

As far as i know  there isn't any logging done by the domain controllers when there is an account audit failure, but I'm looking for something like that.  I'm a bit scared that this is a security breach of some sort (luckily I have a separate domain admin account!).  I would look at potential services or the like out there that might use my logon (network scanners) but it's odd that this started today - I haven't changed my password in over a month

And I do have my phone checking my mail, which I've seen make this happen, but i authenticate just fine on my phone.

Any Suggestions?
JJ
LVL 1
JamesonJendreasAsked:
Who is Participating?
 
Andrew Hancock (VMware vExpert / EE MVE^2)Connect With a Mentor VMware and Virtualization ConsultantCommented:
ALTools.exe includes:


    AcctInfo.dll. Helps isolate and troubleshoot account lockouts and to change a user's password on a domain controller in that user's site. It works by adding new property pages to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).

    ALockout.dll. On the client computer, helps determine a process or application that is sending wrong credentials.

    Caution: Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.
    ALoInfo.exe. Displays all user account names and the age of their passwords.

    EnableKerbLog.vbs. Used as a startup script, allows Kerberos to log on to all your clients that run Windows 2000 and later.

    EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.

    LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs. LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes. It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.

    NLParse.exe. Used to extract and display desired entries from the Netlogon log files.

Source
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

Also check here for screenshots and use
http://trycatch.be/blogs/roggenk/archive/2008/05/08/account-lockout-tools-amp-rsat-active-directory-users-and-computers-aduc.aspx
0
 
Andrew Hancock (VMware vExpert / EE MVE^2)VMware and Virtualization ConsultantCommented:
Download Account lockout tools that you can use to troubleshoot account lockouts, as well as add functionality to Active Directory.

These still work for Windows 2008 Domains

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.