locked
Tracking down account lockout issue. RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I have a Domain Admin account in one of our domains containing six DC's.  My account is being locked out on a DAILY basis.  I don't use that account to run any services.  I'm attaching screen shots of the messages.  They are nondescript from the standpoint of directing me to the server or computer that is generating the lockouts.

     

    How can I track down the machine that is locking out my account?

     

    Friday, February 17, 2017 5:25 PM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hi

     You can configure advanced audit policy to find the source;

    https://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    https://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx

    Also these are possibilies about lockout issue,
    -Mapped network drives
    -Logon scripts that map network drives
    -RunAs shortcuts
    -Accounts that are used for service account logons
    -Processes on the client computers
    -Programs that may pass user credentials to a centralized network program or middle-tier application layer
    -Active sync devices (cell phone,etc..)  

    and you can check the source with Account Lock tool (for server 2003); https://www.microsoft.com/en-us/download/details.aspx?id=15201
     New tools to troubleshoot this in Windows Server 2008 R2,called dsac.exe which is the "Active Directory Administration Centre"..check the article for; https://blogs.technet.microsoft.com/askds/2011/04/12/you-probably-dont-need-acctinfo2-dll/
    also you can check with these 3rd paty tools; lepide,netwrix....

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Alvwan Tuesday, February 21, 2017 6:46 AM
    • Marked as answer by D. Ingram Friday, February 24, 2017 5:58 PM
    Friday, February 17, 2017 6:46 PM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    Hi

     You can configure advanced audit policy to find the source;

    https://technet.microsoft.com/en-us/library/dd408940%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    https://technet.microsoft.com/en-us/library/jj852202(v=ws.10).aspx

    Also these are possibilies about lockout issue,
    -Mapped network drives
    -Logon scripts that map network drives
    -RunAs shortcuts
    -Accounts that are used for service account logons
    -Processes on the client computers
    -Programs that may pass user credentials to a centralized network program or middle-tier application layer
    -Active sync devices (cell phone,etc..)  

    and you can check the source with Account Lock tool (for server 2003); https://www.microsoft.com/en-us/download/details.aspx?id=15201
     New tools to troubleshoot this in Windows Server 2008 R2,called dsac.exe which is the "Active Directory Administration Centre"..check the article for; https://blogs.technet.microsoft.com/askds/2011/04/12/you-probably-dont-need-acctinfo2-dll/
    also you can check with these 3rd paty tools; lepide,netwrix....

    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    • Proposed as answer by Alvwan Tuesday, February 21, 2017 6:46 AM
    • Marked as answer by D. Ingram Friday, February 24, 2017 5:58 PM
    Friday, February 17, 2017 6:46 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Alvin Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, February 23, 2017 2:10 AM