troubleshooting Question

Why is a user who's account has been disabled and is no longer at the company generating event 4768 in Windows security log?

Avatar of Robert Wilmoth
Robert WilmothFlag for United States of America asked on
ExchangeSecurityActive DirectoryPC
8 Comments4 Solutions314 ViewsLast Modified:
Daily I get a couple hundred event 4768 audit failures on my DC from a user who is no longer here and who's account I have disabled. The ticket options are 0x40810010 and result code is 0x12 service ID is Null which is consistent with the user account being disabled. The account name is the user name and the PC name since they were the same. The PC has since been re-imaged. The client address is ::ffff10.0.1.236 (my exchange server) I just don't understand why I'm seeing these errors. Any ideas would be appreciated.
Join our community to see this answer!
Unlock 4 Answers and 8 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 4 Answers and 8 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros