Solved

AD Account Keeps Getting Locked

Posted on 2015-01-28
3
192 Views
Last Modified: 2015-01-28
My own AD account keeps getting locked out.  I recently changed my password, and I'm guessing that I have my credentials saved on some device or application that I'm forgetting about and thus haven't updated.  The result being that said device or application is trying to authenticate with old credentials and locking the account when it fails.  

Please chastise me later about my own poor device management practices.

With that, how can I see what and where there authentication attempts are coming from so that I can fix the problem?  This is a Windows domain, and I can get access to pretty much whatever server resources I may need.

Thanks!
0
Comment
Question by:Geisrud
3 Comments
 
LVL 29

Accepted Solution

by:
Rich Weissler earned 250 total points
ID: 40575769
If you haven't already, you'll want to turn on Security Auditing on the domain controllers, then look in the security log on each of the domain controllers for your lockout event... then find the failed logins for your account just before the lockout.

That said, there is also some disagreement about whether setting Account Lockout is a good policy.  Consider disabling lockout while you fix your account, if you're the only admin... and re-establish the lockout policy when you finish, if you determine it is a policy you want to retain. (And if that is your admin account, consider a non-admin account for 'normal' tasks on things like your desktop and mobile devices.)
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 40575777
Also run

repadmin /showobjmeta <DCname> <"DN of your account">

Look for the originating DSA and lockout time.  Check that DC and the PDCe for event 4740

In 4740 you will notice "Caller computer name"

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4740

Go investigate that box.

Thanks

Mike
0
 
LVL 14

Author Closing Comment

by:Geisrud
ID: 40575925
I'll splitting points on this.  I was able to find the event I needed in the security logs on the DC.  Running the command the Mike recommended didn't get me anywhere, but event ID 4740 was they key.

Thanks to both.
0

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now