swilliamson-mwns
asked on
Account Keeps Getting Locked Out
I have an issue with an Admin account that keeps getting locked out. This happened after the password was changed. I'm afraid that there is some sort of auto login setup on a server somewhere that is using the old password but can't seem to find it. Can't find anything in the security logs. Any ideas on how to track this down? Seems like the account gets locked out after about 5 minutes after unlocking. Any help is appreciated. Thanks
I've used the LockOutStatus tool in the below download from Microsoft to help in finding this. Could also be a service set to run as admin or if the admin account is logged in somewhere from before the password was changed.
https://www.microsoft.com/en-us/download/details.aspx?id=18465
https://www.microsoft.com/en-us/download/details.aspx?id=18465
ASKER
Guys, Thanks for the replies.
Dipersp, Is the lockout screen app supposed to tell you what computer is causing the lockout? If so, then it tells me that the DC is causing the issue and i see NO services or tasks that are running with that account. It loks out within a couple minutes. Any thoughts?
Dipersp, Is the lockout screen app supposed to tell you what computer is causing the lockout? If so, then it tells me that the DC is causing the issue and i see NO services or tasks that are running with that account. It loks out within a couple minutes. Any thoughts?
You don't need external tools to find the machine where the lockout is caused. See my comments here https://www.experts-exchange.com/questions/28693377/Password-Lockout-of-a-user.html where I write "To understand and find that: Stage a lockout with a test account and have it lockout on your own workstation. Then look into the logs at the DCs searching for your own IP."
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hm, had you given feedback, we would have found a way, for sure. Next time :)
ASKER
I do apologize for that. Had too many issues going on at once.
No problem. We all know how it goes in IT.
ASKER
You got it. Thanks for understanding.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Configure Active Directory Auditing (HowTo on my site)
http://www.wsit.ca/how-tos/active-directory/configure-active-directory-auditing/
If you have several domain controllers this will be difficult to manage as the logs will be on the domain controller that the user account is authenticating to.
A great product to accomplish this is Active Directory Auditor by Lepide Software.
http://www.lepide.com/lepideauditor/active-directory.html
This software will outline in a detailed report exactly where the machine is locking out on.
Will.