Solved

Account Keeps Locking out

Posted on 2014-09-11
20
281 Views
Last Modified: 2014-09-17
Hi Guys,

We are using active roles in our environment and there is an account that keeps locking out.

How do I find out what's causing this to happen?

Regards,
Kay
0
Comment
Question by:Kay
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 10
  • 6
  • 3
  • +1
20 Comments
 
LVL 23

Accepted Solution

by:
rhandels earned 500 total points
ID: 40316632
You could check loggings on DC's to see what the originating name of the machine is that locks that account.
Normally though it is a device (i say device on purpose) that connects to your wireless network if account name is needed or it could be that someone is using cached credentials on a machine to the password keeps on being passed to AD.
0
 

Author Comment

by:Kay
ID: 40316652
Hi Rhandels,

How do I do this?

Regards,
K
0
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40316655
Is the account one that is used by a user or an admin or a system?

I would disable to account in AD and then wait for either the user or admin to complain. Similarly if you notice a system has stopped working then you will be able to pinpoint where that account is in use. Although if it were a system locking it out, that shouldn't in theory wouldn’t be working as its using the wrong password!!

Thanks
Mark
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:Kay
ID: 40316656
the ad account is an admin account
0
 
LVL 23

Expert Comment

by:rhandels
ID: 40316671
You need to check the event viewer on a Domain Controller and go to the security log. This is were all logon attempts are logged.
0
 

Author Comment

by:Kay
ID: 40316854
we have two sites, DC1 and DC2, in dc1 we have two domain controllers and in dc2 we have another 2,

where should I check?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 40316898
Normally all domain controllers in a domain log all loggon sessions. So take the domain controller of the domain the user is member off (or at least authenticates to)/

You could run "set" command in cmd and search for the logonserver value. This is were your session is authenticated against (the DS that is).
0
 

Author Comment

by:Kay
ID: 40316914
how do I run the set command ? can you please give me an example??
0
 
LVL 23

Expert Comment

by:rhandels
ID: 40316922
Got to start, run and then type CMD (command windows). Then in the command window type SET
0
 

Author Comment

by:Kay
ID: 40316993
then what do I type?
0
 

Author Comment

by:Kay
ID: 40316996
it just says name[0]
0
 
LVL 23

Expert Comment

by:rhandels
ID: 40317011
what machine are you doing this with?? Are you actually inside a Windows domain??
0
 

Author Comment

by:Kay
ID: 40317208
yes
0
 

Author Comment

by:Kay
ID: 40317223
I've got this software from Microsoft called accountlockoutstatus and this tells me that the account was not locked out due to logon attempts:

http://www.microsoft.com/en-us/download/details.aspx?id=15201 

The user tells me that there is only one server he logs into using his domain credentials.

what could be the cause?
0
 
LVL 23

Expert Comment

by:rhandels
ID: 40317397
Not locked out due to logon attampts?? The only other way an account can be locked out is if it is manually done by the administrator and For as far as i know he or she can only disable the account, not even lock it out manually.

My guess would be that the user added his credentials in some sort of application or maybe his mobile phone, changed his password and now all of a sudden his account is being locked out, to be honest i can't think of anything else.

You could try and check his cached credentials, go to control panel --> Credential manager and check and see if he has "old" credentials stored. If so, delete these..
0
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40317432
Agreed. There are only two ways to have an account locked out and rhandels has mentioned them both.

I still think you should disable the account in AD and then wait for either the user or admin to complain as per my post earlier.

The user that is using that acount should come to you and say where the account is being used.

Thanks
Mark
0
 

Author Comment

by:Kay
ID: 40319321
the account could be used by a software, device, etc so disabling it don't make any sense.
0
 

Author Comment

by:Kay
ID: 40319326
nope no cached credentials
0
 
LVL 2

Expert Comment

by:Azurael
ID: 40321868
There is a good chance that MS Credential Manager has saved the credentials on the end-user's machine. Probably for exchange or a similar service (failed logon attempts to exchange or Office 365 will also lock the account out)

On the users' machine, log on to the user's profile, then Go to Control Panel -> Credential Manager and clear any entries that contain the credentials for the account which is being locked out (Including Outlook credentials).

Confirm with the user that this is the only device where their credentials are used. If there is another device, check that as well.
0
 
LVL 13

Expert Comment

by:Mark Galvin
ID: 40322612
Kay

You state 'the account could be used by a software, device, etc. so disabling it don't make any sense. '. You have already stated that the account is used by one admin but that admin cannot help you identify what is causing the lock out.

I and other exports have explained the two possible scenarios as to why an AD account can be locked out.

My suggestions of disabling the account is what I would do to identify where the lock out is occurring.

To me that does make sense. If it is a software, device then as once you disable the account it should be come apparent very quickly which system or device is locking it out.

It’s also worth noting, whatever is locking the account - it’s likely not working hence the lock outs :-)

Thanks
Mark/
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question