Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Random Account Lockouts

Posted on 2011-09-20
2
Medium Priority
?
568 Views
Last Modified: 2012-08-14
Not too sure how to go about this, but, my domain account on a windows 2008 active directory keeps getting locked out every few minutes.  I can't for the life of me find where logons are taking place that is locking out my account.  I've check my servers security logs on my servers that have internet facing NAT policies (Exchange, RDP server) to no avail, as well as check all my domain controllers.  No love.

As far as i know  there isn't any logging done by the domain controllers when there is an account audit failure, but I'm looking for something like that.  I'm a bit scared that this is a security breach of some sort (luckily I have a separate domain admin account!).  I would look at potential services or the like out there that might use my logon (network scanners) but it's odd that this started today - I haven't changed my password in over a month

And I do have my phone checking my mail, which I've seen make this happen, but i authenticate just fine on my phone.

Any Suggestions?
JJ
0
Comment
Question by:JamesonJendreas
  • 2
2 Comments
 
LVL 125
ID: 36570130
Download Account lockout tools that you can use to troubleshoot account lockouts, as well as add functionality to Active Directory.

These still work for Windows 2008 Domains

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465
0
 
LVL 125

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 2000 total points
ID: 36570143
ALTools.exe includes:


    AcctInfo.dll. Helps isolate and troubleshoot account lockouts and to change a user's password on a domain controller in that user's site. It works by adding new property pages to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).

    ALockout.dll. On the client computer, helps determine a process or application that is sending wrong credentials.

    Caution: Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.
    ALoInfo.exe. Displays all user account names and the age of their passwords.

    EnableKerbLog.vbs. Used as a startup script, allows Kerberos to log on to all your clients that run Windows 2000 and later.

    EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.

    LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs. LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes. It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.

    NLParse.exe. Used to extract and display desired entries from the Netlogon log files.

Source
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

Also check here for screenshots and use
http://trycatch.be/blogs/roggenk/archive/2008/05/08/account-lockout-tools-amp-rsat-active-directory-users-and-computers-aduc.aspx
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question