Solved

Random Account Lockouts

Posted on 2011-09-20
2
561 Views
Last Modified: 2012-08-14
Not too sure how to go about this, but, my domain account on a windows 2008 active directory keeps getting locked out every few minutes.  I can't for the life of me find where logons are taking place that is locking out my account.  I've check my servers security logs on my servers that have internet facing NAT policies (Exchange, RDP server) to no avail, as well as check all my domain controllers.  No love.

As far as i know  there isn't any logging done by the domain controllers when there is an account audit failure, but I'm looking for something like that.  I'm a bit scared that this is a security breach of some sort (luckily I have a separate domain admin account!).  I would look at potential services or the like out there that might use my logon (network scanners) but it's odd that this started today - I haven't changed my password in over a month

And I do have my phone checking my mail, which I've seen make this happen, but i authenticate just fine on my phone.

Any Suggestions?
JJ
0
Comment
Question by:JamesonJendreas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 120
ID: 36570130
Download Account lockout tools that you can use to troubleshoot account lockouts, as well as add functionality to Active Directory.

These still work for Windows 2008 Domains

http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465
0
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 36570143
ALTools.exe includes:


    AcctInfo.dll. Helps isolate and troubleshoot account lockouts and to change a user's password on a domain controller in that user's site. It works by adding new property pages to user objects in the Active Directory Users and Computers Microsoft Management Console (MMC).

    ALockout.dll. On the client computer, helps determine a process or application that is sending wrong credentials.

    Caution: Do not use this tool on servers that host network applications or services. Also, you should not use ALockout.dll on Exchange servers, because it may prevent the Exchange store from starting.
    ALoInfo.exe. Displays all user account names and the age of their passwords.

    EnableKerbLog.vbs. Used as a startup script, allows Kerberos to log on to all your clients that run Windows 2000 and later.

    EventCombMT.exe. Gathers specific events from event logs of several different machines to one central location.

    LockoutStatus.exe. Determines all the domain controllers that are involved in a lockout of a user in order to assist in gathering the logs. LockoutStatus.exe uses the NLParse.exe tool to parse Netlogon logs for specific Netlogon return status codes. It directs the output to a comma-separated value (.csv) file that you can sort further, if needed.

    NLParse.exe. Used to extract and display desired entries from the Netlogon log files.

Source
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

Also check here for screenshots and use
http://trycatch.be/blogs/roggenk/archive/2008/05/08/account-lockout-tools-amp-rsat-active-directory-users-and-computers-aduc.aspx
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question