Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Domain Admin keeps getting locked out

Posted on 2016-10-28
11
35 Views
Last Modified: 2016-11-04
My assistant has been messing with security and has made a mess of a few things.   The biggest problem his is account keeps getting locked out.  He is a Domain Admin.

This has been happening for a few weeks.  
He is positive he is not typing his password incorrectly.

What could be causing this?   HELP!
0
Comment
Question by:J.R. Sitman
  • 7
  • 3
11 Comments
 
LVL 29

Expert Comment

by:serialband
ID: 41864740
Did he change his password while he had a connection open somewhere?  Did he leave himself logged into a system and forget to log out of everything (every single system) before he attempted to change his password?  Did he schedule some task and used his account and password and left the task running without changing the password?

Those are probably the first things to check.  Next check the Event logs for every password authentication related to his account and see which ones are failing.  That might narrow it down.
0
 

Expert Comment

by:Mike Parks
ID: 41864746
His account is in use somewhere and trying to talk to the domain with an old password.  Make sure that he is logged off all computers. Sometimes a person will "Switch Users" on a Windows computer and leave their old session running. Therefore, reboot all computers he has logged into recently.

If he has Exchange on his mobile and he has changed his password recently, he needs to remember to change the password on the phone, too.  Same goes for company wifi - if the wifi controller is tied into Active Directory, then he needs to change the password on the wifi connection.  Both these will cause lockouts if the password isn't changed.
0
 

Author Comment

by:J.R. Sitman
ID: 41864783
I've just become extremely concerned.  When checking the security logs on one of our Citrix servers, there are a very large number of failed attempts.  
Do I need to be concerned or is this typical?

audit failures
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 29

Expert Comment

by:serialband
ID: 41864829
If that's your assistant's account an a computer you know, then that explains the lockout.

If it's not, and it's a random account and your getting numerous random account failures, then you have some script kiddie attack or someone on your network got a virus.  Go find that and fix it.
0
 

Author Comment

by:J.R. Sitman
ID: 41864831
I seriously doubt if it's a virus. But I'll look into the other
0
 

Author Comment

by:J.R. Sitman
ID: 41864835
there are many of those all random names they're definitely not my assistant
0
 
LVL 29

Expert Comment

by:serialband
ID: 41864847
Is that a computer name you recognize?
0
 

Author Comment

by:J.R. Sitman
ID: 41865203
yes, it is one of our Citrix servers.   I don't know how to stop it.  Can you advice, please.
0
 

Author Comment

by:J.R. Sitman
ID: 41865207
I just noticed the Windows Firewall is turned on.   On the other Citrix server we have it is turned off and it is not getting any attacks.

NOTE:  The server that is getting attacks is a Hyper-V VM.
0
 

Accepted Solution

by:
J.R. Sitman earned 0 total points
ID: 41865561
I had to disable his account and create a new one.  I have no idea what he did, but it messed up his account.
0
 

Author Closing Comment

by:J.R. Sitman
ID: 41873683
no actual solution found.  I had to disable my assistants account
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

February 24, 2017 — On February 23, Travis Ormandy, a vulnerability researcher at Google, reported on Twitter (https://twitter.com/taviso/status/834900838837411840) that massive stores of data have been leaked by CloudFlare, a company that provide…
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question