Solved

AD Account Keeps Getting Locked

Posted on 2015-01-28
3
203 Views
Last Modified: 2015-01-28
My own AD account keeps getting locked out.  I recently changed my password, and I'm guessing that I have my credentials saved on some device or application that I'm forgetting about and thus haven't updated.  The result being that said device or application is trying to authenticate with old credentials and locking the account when it fails.  

Please chastise me later about my own poor device management practices.

With that, how can I see what and where there authentication attempts are coming from so that I can fix the problem?  This is a Windows domain, and I can get access to pretty much whatever server resources I may need.

Thanks!
0
Comment
Question by:Geisrud
3 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 250 total points
ID: 40575769
If you haven't already, you'll want to turn on Security Auditing on the domain controllers, then look in the security log on each of the domain controllers for your lockout event... then find the failed logins for your account just before the lockout.

That said, there is also some disagreement about whether setting Account Lockout is a good policy.  Consider disabling lockout while you fix your account, if you're the only admin... and re-establish the lockout policy when you finish, if you determine it is a policy you want to retain. (And if that is your admin account, consider a non-admin account for 'normal' tasks on things like your desktop and mobile devices.)
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 40575777
Also run

repadmin /showobjmeta <DCname> <"DN of your account">

Look for the originating DSA and lockout time.  Check that DC and the PDCe for event 4740

In 4740 you will notice "Caller computer name"

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4740

Go investigate that box.

Thanks

Mike
0
 
LVL 14

Author Closing Comment

by:Geisrud
ID: 40575925
I'll splitting points on this.  I was able to find the event I needed in the security logs on the DC.  Running the command the Mike recommended didn't get me anywhere, but event ID 4740 was they key.

Thanks to both.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question