Solved

my AD accounts keeps locking up!

Posted on 2013-01-29
6
282 Views
Last Modified: 2013-01-30
hi experts,

 I changed my domain password about 3 weeks ago and every since then my AD account keeps locking up. I have an iphone with exchange email setup and I RDC to multiple servers. I've checked all of them and have signed off just to make sure there are no cache credentials. but it continues to lock out. What do I need to do or where do I need to look ?
0
Comment
Question by:frankbustos
6 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38831915
Sounds like there is a service or app on a box somewhere still using that old PW.  Go through the article below (with links to Microsoft tools that can help track it down)

http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Is it just happening to your account that you changed the PW on?

Thanks

Mike
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 38831919
Use lockoutstatus.exe - This will give you the DC that locked out your account.  Then check the security event viewer for your user ID and find the failed logons.  This will give you the IP address of the host sending a bad username/password.  Then check the host sending the bad username/password and it will give you the process ID (application) sending the bad password.

You will have to enable failed account logon events to get this info.  Make sure that you are checking the "Credential Manager" (Windows 7) for stored userID/passwords
http://windows.microsoft.com/is-IS/windows7/What-is-Credential-Manager
0
 
LVL 18

Expert Comment

by:Americom
ID: 38831920
check the event logs of each of your domain controller, there should be event that shows you the machine was locking from. This usually has to do with session left disconnected but still running with old password. Other are service or task configured with old password needs to be updated. Or even mapped drives with old password etc.
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 18

Expert Comment

by:Americom
ID: 38831941
0
 

Expert Comment

by:RafaZamora
ID: 38833309
Hi
In the event Viewer of the DC filter de security events with the id 644. you find who host is tried to connect with your old credentials.
If you have two or more local Domain Controllers you need to check all of them
Best Regards
0
 

Author Closing Comment

by:frankbustos
ID: 38837176
thanks!
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now