J.R. Sitman
asked on
Domain Administrator locked out "Again"
I posted this question previously and was able to solve it using Netwrix account lockout. This time I can't solve it. When I unlock his account, with in 1 minute it locks again. He is connecting from Long Beach to Los Angeles. He is completely logged off of his computer as of this posting, put his still getting locked out.
It previously stated his password was bad 3 times. Now it shows 0 for bad password, but within a minute he is locked out. See image. In the image it shows he is connected from Workstation FreeRDP. I have no idea what that is.
HELP!
It previously stated his password was bad 3 times. Now it shows 0 for bad password, but within a minute he is locked out. See image. In the image it shows he is connected from Workstation FreeRDP. I have no idea what that is.
HELP!
ASKER
He is not logged on to any computer at this location and he is only getting locked out from one DC.
Try rename domain admin account to different one or create another domain user and assign him Domanin Admin rights.
Then this will give you more time.
You can enable audit in your domain and check DC security log to find out from what place lock out is coming.
Then this will give you more time.
You can enable audit in your domain and check DC security log to find out from what place lock out is coming.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@Shaun your article is very good. I was able to pin point the server causing the lockout.
Identify the source of Account Lockouts in Active Directory: https://community.spiceworks.com/how_to/128213-identify-the-source-of-account-lockouts-in-active-directory
Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
Hope this helps!
Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx
Hope this helps!
ASKER
@Kevin. Thanks also very helpful
For diagnosis, you might try: Generate a new account for the user with a completely different name and disable the old account.
If the problem then follows to the new account, there may be a security problem on the user's computer that is exposing network credentials but not passwords. Scan that system aggressively with whatever antivirus is on it, use a couple of the online antiviruses as well, run Malwarebytes against it, and Spybot - Search and Destroy.
If the problem does not follow to the new account, it may still be a hostile attempting to gain access but the user's computer is less likely to be aiding the attempt.