Solved

AD Account Keeps Getting Locked

Posted on 2015-01-28
Last Modified: 2015-01-28
My own AD account keeps getting locked out.  I recently changed my password, and I'm guessing that I have my credentials saved on some device or application that I'm forgetting about and thus haven't updated.  The result being that said device or application is trying to authenticate with old credentials and locking the account when it fails.  

Please chastise me later about my own poor device management practices.

With that, how can I see what and where these authentication attempts are coming from so that I can fix the problem?  This is a Windows domain, and I can get access to pretty much whatever server resources I may need.

Thanks!
Question by:Geisrud

Accepted Solution

by:
Rich Weissler earned 1000 total points
ID: 40575769
If you haven't already, you'll want to turn on Security Auditing on the domain controllers, then look in the security log on each of the domain controllers for your lockout event... then find the failed logins for your account just before the lockout.

That said, there is also some disagreement about whether setting Account Lockout is a good policy.  Consider disabling lockout while you fix your account, if you're the only admin... and re-establish the lockout policy when you finish, if you determine it is a policy you want to retain. (And if that is your admin account, consider a non-admin account for 'normal' tasks on things like your desktop and mobile devices.)

Assisted Solution

by:Mike Kline
Mike Kline earned 1000 total points
ID: 40575777
Also run

repadmin /showobjmeta <DCname> <"DN of your account">

Look for the originating DSA and lockout time.  Check that DC and the PDCe for event 4740

In 4740 you will notice "Caller computer name"

https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4740

Go investigate that box.

Thanks

Mike

Author Closing Comment

by:Geisrud
ID: 40575925
I'll be splitting points on this.  I was able to find the event I needed in the security logs on the DC.  Running the command that Mike recommended didn't get me anywhere, but event ID 4740 was the key.

Thanks to both.
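
The log search described in the answers above, as an added example that is not part of the original thread: it pulls event 4740 for one account from every domain controller, then lists the failed authentications logged in the ten minutes before the most recent lockout. The account name `jdoe`, the ten-minute window and the helper function names are assumptions; event IDs 4771 (Kerberos pre-authentication failed) and 4776 (NTLM credential validation) are not named in the thread and are used here as the "failed logins" to look for.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT), Security Auditing
# enabled on the DCs, and rights to read their Security logs remotely.
Import-Module ActiveDirectory

$User  = 'jdoe'                      # placeholder: the locked-out account
$Since = (Get-Date).AddDays(-1)
$Pdc   = (Get-ADDomain).PDCEmulator
$Dcs   = (Get-ADDomainController -Filter *).HostName

# Turn an event's named EventData fields into a hashtable.
function Get-EventData($Record) {
    $data = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    $data
}

# Search every DC for the given event IDs that concern $User.
function Find-AccountEvent($Ids, $Start, $End) {
    foreach ($dc in $Dcs) {
        Get-WinEvent -ComputerName $dc -ErrorAction SilentlyContinue -FilterHashtable @{
                LogName = 'Security'; Id = $Ids; StartTime = $Start; EndTime = $End } |
            ForEach-Object {
                $d = Get-EventData $_
                if ($d.TargetUserName -ne $User) { return }
                # The field that names the source differs per event ID. In 4740
                # the "Caller Computer Name" is stored as TargetDomainName.
                $source = switch ($_.Id) {
                    4740 { $d.TargetDomainName }
                    4771 { $d.IpAddress }
                    4776 { $d.Workstation }
                }
                [pscustomobject]@{
                    Time = $_.TimeCreated; EventId = $_.Id; Source = $source
                    Status = $d.Status; LoggedOnDC = $dc; IsPDCe = ($dc -eq $Pdc)
                }
            }
    }
}

$lockouts = Find-AccountEvent 4740 $Since (Get-Date) | Sort-Object Time
$lockouts | Format-Table -AutoSize

# Failed authentications shortly before the most recent lockout.
$last = $lockouts | Select-Object -Last 1
if ($last) {
    Find-AccountEvent 4771, 4776 ($last.Time.AddMinutes(-10)) $last.Time |
        Sort-Object Time | Format-Table -AutoSize
}
```

The `Source` column of the 4740 rows is the box to investigate; the 4771/4776 rows show which address or workstation kept presenting the old password.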