AD Account is getting locked out constantly

My user account gets locked out constantly.  I ran the MS lockout tools and could see the account getting locked out.  I also ran the other tools EventcombMT and found a device with my name on it to be the culprit with an IP address.  When I pinged that IP address, it came back with the device and the device name was mine.  I looked in Active Directory computers and that device is not a computer listed.  My computer is listed with the correct computer name.  How do I find this rouge computer that is trying to log on and authenticate; thus locking out my account?  I killed the DHCP lease to kick the computer off; but how do I find it?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NVITEnd-user supportCommented:
Do you have a scheduled task trying to run with an expired password?
SalongeAuthor Commented:
No, i don't.
Will SzymkowskiSenior Solution ArchitectCommented:
When you are dealing with Account Lockout I would definitely recommend downloading Lepide Auditor for Active Directory. Free trial.

You need to make sure that the following steps are done first before the software will work properly.

- Ensure that you have Audting Enabled on the Default Domain Controllers Policy
- Increase the Security Logs on all Dc's to 1GB
- make sure that you have an account that has domain admins privs to allow access to the logs on the DC.

You can install this software on a member server or a workstation and when you run the reports it will provide all of the info needed and exactly where the account is being locked out on.

Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

SalongeAuthor Commented:
This tool will not download.  I have found the name of the device, it is just not mine and not a member of our domain.  It has a pingable ip on our lan.
Do you have managed switches? If so, determine the mac address of the offending device  by:
1. ping the device
2. run arp -a, in the cmd prompt. this will show mac addy of each IP that your computer has talked w/ lately.

Then, look for the switch port that is showing that MAC as connected. Numerous ways you accomplish this, depending upon what type of switch you have.

From there, and hopefully your patch panel is labeled, you should be able to figure out where the other end of the cable is.

Alternately, ask everyone to shut down their computers one evening, then see what ports are lit and ping the offending device while unplugging one lit switch port at a time until you identify it.

I had a problem w/ one client whose account locked out once a week (monday am of course). Turned out waaaayyyy in the past she has setup a local backup on a windows computer using her domain creds to run the scheduled task (w/ an old pw). Like a trooper, every sunday evening that computer tried to run a backup.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SalongeAuthor Commented:
I was able to find the Mac address and blocked it. I will see who is unable to get on tomorrow.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.