Solved

active directory

Posted on 2016-11-22
Last Modified: 2017-01-17
A user account is locked out in my domain.

I ran the account lockout tool for that user, and it pointed to my DC to look for event logs.

I got the following:

security id: system
account name: dc name
account domain: name of domain
logon id: 0x3e7
details:
subject user id: S-1-5-18
TARGET sid- s-1-5-21-968979113-105-3586556-204008010-32768

caller computer name:

caller computer name is blank

What inference can I draw?
Question by:pramod1
11 Comments
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 41897483
The SID is the account that is having the issue.  You can grab the username with a little PowerShell.  This link shows you how to do this:  Convert SID to User Name using PowerShell

Here is more of an in-depth explanation of the article above:

Link:  https://technet.microsoft.com/en-us/library/ff730940.aspx

Dan
0
 

Author Comment

by:pramod1
ID: 41897494
Sorry, I didn't get you. What is happening with his SID account? His user name is sm1jrh. How should I run the script, and should I run it on the DC?
0
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 41897498
Don't bother with the PowerShell.  Asking "what inference can I draw" is asking what the info you posted means.

If you know the user account name, then all you need to do is unlock the account.  Open the "AD Users and Computers" management tool, search for the user account and unlock the account.

Dan
0
 

Author Comment

by:pramod1
ID: 41897501
It is locked frequently, and I ran the account lockout tool and it gave the above result in Event Viewer on the DC.

So my question was what is wrong with the SID account you mentioned. I unlocked it; still it gets locked every morning or late evening.

So what is wrong, so I can run the script you gave?
0
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 41897510
There is nothing wrong with the SID that you mentioned.  You asked what is to be done with that message, I told you what it meant.  You did not mention that you had already unlocked the account.

You need to determine where (which computer) this account is being used and for what purpose(s) it's being used.  If it is only being used as a login account for a person (not a service), then you figure out what that person is doing to lock out their account so often.

Dan
0
 

Author Comment

by:pramod1
ID: 41897525
So what was that script for? The computer name is not mentioned in Event Viewer.
0
 

Author Comment

by:pramod1
ID: 41897551
it gives audit failure : service name: krbtgt\domain name
status : 0x18
ip address as well
0
 
LVL 29

Expert Comment

by:Dan McFadden
ID: 41897568
The Powershell commands were to determine the account username by using the SID.

What command(s) return the message:


it gives audit failure : service name: krbtgt\domain name
status : 0x18
ip address as well

When answering, please indicate what commands you are using.  It helps me help you.

Dan
0
 

Author Comment

by:pramod1
ID: 41897573
I used the account lockout tool again and it pointed me to Event Viewer on the DC. I pulled it from there.
0
 
LVL 29

Accepted Solution

by:
Michael Pfister earned 2000 total points
ID: 41897584
0
 
LVL 29

Expert Comment

by:Michael Pfister
ID: 41897588
Have a look at the DC's security event log around the time the lockout happens. If you're lucky, it will log more information right before or after the lockout.
0
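
One way to follow the advice above and read the DC's Security log around the lockout, as an added example that was not posted by anyone in this thread. It assumes the lockout is logged as event 4740 and the "krbtgt / status 0x18 / IP address" audit failure is event 4771 (Kerberos pre-authentication failed); the 24-hour window is also an assumption.

```powershell
# Added example: run in an elevated PowerShell session on the domain controller
# that the lockout tool pointed to. $User comes from the thread; the window is assumed.
$User  = 'sm1jrh'
$Since = (Get-Date).AddHours(-24)

# 4740 = account locked out, 4771 = Kerberos pre-authentication failed
# (SilentlyContinue also hides "no events found"; remove it if nothing comes back)
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4740, 4771; StartTime = $Since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Flatten the event's named <Data> fields into a hashtable
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d['TargetUserName'] -ne $User) { continue }

    if ($e.Id -eq 4740) {
        # In 4740 the "Caller Computer Name" is stored in TargetDomainName; it can be blank
        $source = $d['TargetDomainName']
        $status = 'locked out'
    } else {
        # 4771 records the client address, often written as ::ffff:a.b.c.d
        $source = $d['IpAddress'] -replace '^::ffff:', ''
        $status = $d['Status']      # 0x18 = bad password at pre-authentication
    }
    [pscustomobject]@{
        Time = $e.TimeCreated; EventId = $e.Id; Source = $source; Status = $status
    }
}

# Timeline of lockouts and the failures leading up to them
$rows | Sort-Object Time | Format-Table -AutoSize

# Which client addresses sent the bad passwords, most frequent first
$rows | Where-Object { $_.EventId -eq 4771 -and $_.Status -eq '0x18' } |
    Group-Object Source | Sort-Object Count -Descending |
    Select-Object Count, Name
```

When the 4740 caller computer name is blank, as in the question, the client address on the 4771 failures just before the lockout is the lead to follow: it identifies the machine where a stale password is still being presented.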
