  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2855

Domain account keeps getting locked out

I'm a Domain Admin.  Last week I had to have a user unlock a server at a remote location that was logged in as me because I wasn't able to access the server.  So I changed my domain password to a temporary password, had him unlock the server with this new temp password, then rebooted the server and did not log back in as myself.  I then reset my domain account password back to the original that I had used before changing it.  That was last Thursday (8/16) and ever since then, my account has been getting locked out several times a day.  Happened all weekend long.  I know there are services running on some servers that are using my credentials but I assumed that they should be ok since I changed it back to what I was using before.  

Any ideas why this might be happening or what could cause this?

Thanks,
CaseyM
0
Asked by: npc_caseym
3 Solutions
 
SebastianAbbinanti Commented:
Check the event log. I'll bet you have a service or something attempting to log on with your account and old password that's locking you out.

Thanks,
S.
0
 
npc_caseym (Author) Commented:
Yes, but why would it be using an old password if I changed it back to the same password that the service is using?
0
 
Will Szymkowski (Senior Solution Architect) Commented:
What I would recommend is checking the Event Logs on the server to see if there are any indications why your account would be getting locked out. Have you checked that the services/tasks under your account are actually running and do not have errors? I would start there first.
0

 
npc_caseym (Author) Commented:
That's what I have been checking but I have over 75 servers...I'm checking my domain controllers now.
0
 
SebastianAbbinanti Commented:
Perhaps it was a password update policy issue. In any case, you don't want services logging on with real accounts. Check the event log to see what's logging in, and move it to a dedicated service account.

Thanks,
S.
0
 
remmett70 Commented:
Is there a service on the server that you had the user unlock for you?  Have you logged back into it since you changed the password back?


In the future, you may want to think about creating an account for the services to run under, instead of your account.  Also, if you need to have a user unlock a server for you, instead of giving them your password, temporarily give them Domain Admin access while they unlock that server, and then remove them from the domain admin group instead of messing with passwords.
0
 
hecgomrec Commented:
If you know where to go to unlock a server, this is the machine where you should look for the events.

If you don't have a service account you should create one.  Do you have any machine with Win7 with your username and password that is outside the domain (for testing or something like that)? If so, this is the machine causing it; just create another user on that machine.

Again, if that is not your issue, you should be able to find out from the events whether your account is being spoofed from outside your LAN or within it and solve your issue.
0
 
npc_caseym (Author) Commented:
I found a nice little program that you give an input list of servers and it will go check all services and tasks and let you know what login each is using.

http://community.spiceworks.com/topic/252214-how-can-i-see-what-services-applications-on-the-network-are-using-my-login?page=1#entry-1577337

http://cjwdev.co.uk/Software/ServiceCredMan/Info.html

Thanks for all of the replies.

caseym
0
 
npc_caseym (Author) Commented:
The program I found is the best solution to finding the cause of this problem.
0
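
An added example, not part of the original thread and not the linked ServiceCredMan tool: one way to run both checks suggested in the replies from PowerShell, first reading lockout events to see which machine is sending the bad credentials, then sweeping servers for services and scheduled tasks configured to run as the account. The account name and server names are constructed placeholders; it assumes the RSAT ActiveDirectory module, account-management auditing enabled on the domain controllers, and WinRM/CIM access to the servers.

```powershell
# Assumptions (not from the thread): RSAT ActiveDirectory module, account-management
# auditing enabled on the DCs, WinRM/CIM reachable on the targets.
param(
    [string]$Account   = 'caseym',                        # placeholder sAMAccountName
    [string[]]$Servers = @('SRV01', 'SRV02', 'SRV03')     # constructed placeholder names
)

Import-Module ActiveDirectory

# 1. Lockouts are recorded on the PDC emulator as Security event 4740.
#    Properties[0] = locked-out account, Properties[1] = caller computer name.
$pdc = (Get-ADDomain).PDCEmulator
Get-WinEvent -ComputerName $pdc -FilterHashtable @{ LogName = 'Security'; Id = 4740 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Properties[0].Value -eq $Account } |
    Select-Object TimeCreated, @{ n = 'CallerComputer'; e = { $_.Properties[1].Value } } |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize

# 2. Sweep the servers for services and scheduled tasks that run as that account.
$findings = foreach ($server in $Servers) {
    try {
        $session = New-CimSession -ComputerName $server -ErrorAction Stop
    } catch {
        Write-Warning "$server unreachable: $($_.Exception.Message)"
        continue
    }
    # StartName is DOMAIN\user or user@domain, so match on the user part only.
    Get-CimInstance -CimSession $session -ClassName Win32_Service -Filter "StartName LIKE '%$Account%'" |
        ForEach-Object {
            [pscustomobject]@{ Server = $server; Type = 'Service'; Name = $_.Name; RunAs = $_.StartName }
        }
    # Scheduled tasks store their run-as identity in Principal.UserId.
    Get-ScheduledTask -CimSession $session -ErrorAction SilentlyContinue |
        Where-Object { $_.Principal.UserId -like "*$Account*" } |
        ForEach-Object {
            [pscustomobject]@{ Server = $server; Type = 'Task'; Name = $_.TaskPath + $_.TaskName; RunAs = $_.Principal.UserId }
        }
    Remove-CimSession -CimSession $session
}
$findings | Sort-Object Server, Type | Format-Table -AutoSize
```

The caller computer names from step 1 narrow down which servers to sweep first in step 2; each finding is a candidate for moving to a dedicated service account, as the replies recommend.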
