Solved

AD Account Keeps Getting Locked

Posted on 2015-01-28
3
198 Views
Last Modified: 2015-01-28
My own AD account keeps getting locked out.  I recently changed my password, and I'm guessing that I have my credentials saved on some device or application that I'm forgetting about and thus haven't updated.  The result being that said device or application is trying to authenticate with old credentials and locking the account when it fails.  

Please chastise me later about my own poor device management practices.

With that, how can I see what and where there authentication attempts are coming from so that I can fix the problem?  This is a Windows domain, and I can get access to pretty much whatever server resources I may need.

Thanks!
0
Comment
Question by:Geisrud
3 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 250 total points
ID: 40575769
If you haven't already, you'll want to turn on Security Auditing on the domain controllers, then look in the security log on each of the domain controllers for your lockout event... then find the failed logins for your account just before the lockout.

That said, there is also some disagreement about whether setting Account Lockout is a good policy.  Consider disabling lockout while you fix your account, if you're the only admin... and re-establish the lockout policy when you finish, if you determine it is a policy you want to retain. (And if that is your admin account, consider a non-admin account for 'normal' tasks on things like your desktop and mobile devices.)
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 250 total points
ID: 40575777
Also run

repadmin /showobjmeta <DCname> <"DN of your account">

Look for the originating DSA and lockout time.  Check that DC and the PDCe for event 4740

In 4740 you will notice "Caller computer name"

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4740

Go investigate that box.

Thanks

Mike
0
 
LVL 14

Author Closing Comment

by:Geisrud
ID: 40575925
I'll splitting points on this.  I was able to find the event I needed in the security logs on the DC.  Running the command the Mike recommended didn't get me anywhere, but event ID 4740 was they key.

Thanks to both.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MS Endpoint Protection 2 20
accidental deletion - ad recycle bin 3 18
TLS/SSL Diable 3DES ciper suites 4 27
EXCHANGE, ACTIVE DIRECTORY 1 29
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now