After much troubleshooting, I've concluded my issue to be something on my network that I need help finding. My network is a Microsoft single domain 2012 environment - something is running/brute-forcing all domain accounts passwords. When my GPO under Computer-Policies-Windows Settings-Security Settings- Account Policies/Password Policy-Acct. Lockout duration is set for 10 minutes and Account lockout threshold is set for 5 invalid login attempts, the phones don't stop ringing for 200 users; everyone gets locked out. If I alter the settings to a Lockout duration set for 2 minutes and Account lockout threshold set for 200 invalid login attempts, the calls/lockouts stop but I still have the issue. I'm verify this using the lockoutstatus.exe 1.0.0.60 provided by the Windows Resource Kit by looking at the last bad password time. They are all within the last 24 hours for all user accounts. Luckily, the domain Administrator account is never effected but all others are.
I have 1 physical Domain Controller. I have virus protection on every node and server. Everything is clean according to my Anti-virus service.
Question - What software program can I purchase that will help pin-point the issue or what other methods are available that can help pin-point the issue?
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Distinguished Expert awards are presented to the top veteran and rookie experts to earn the most points in the top 50 topics.