none
Domain admin account keeps locking RRS feed

  • Question

  • Hello All, 

    I have a standard account and a DA account for administrative tasks and out of no where my DA account gets locked on different servers that i'm not even on.  The security event logs on those server don't specify much info but we do have manageEngine ad audit which just tells me that it's locked and the cause was a specific server.  How do I find out the cause of why my DA account keeps getting locked?

    We have a cyber team so I don't believe it's anything malicious, I'm also new to this company and didnt set up any services with my account.  What is a good way to troubleshoot this?

    Thanks,

    Thursday, July 26, 2018 3:31 PM

All replies

  • Hi,

    Logon to the specific server with your DA account and check do you have credentials stored in the credentials manager.

    One best option would be delete the DA profile from the server and see is there any changes happening in your account lockout.

    Thanks

    Syed


    Dont forget to mark as Answered if you found this post helpful.

    Thursday, July 26, 2018 3:35 PM
  • change the account name; see what breaks.
    Thursday, July 26, 2018 3:37 PM
  • Hi,

    Also, we could check Event ID 4625 to get more information, the Process Information part would be helpful for troubleshoot.

    https://docs.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4625

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 27, 2018 8:58 AM
  • Hiya,

    Search your DC's Security log for EventID 4740. Remember a lot of things happen on a domain, so it might not be a very old log data you have available.

    If you do not see any lockout events, then the audit policy might not be enabled on your servers.

    There you should find your account and also from which IP address the lockout occours.

    Once you have that, you should tjek:

    Services, Task Scheduler, IIS Manager for any places the account could have been used.

    Kind Regards

    Jesper


    Friday, July 27, 2018 11:24 AM
  • I believe I found the issue.  I was set up with an application that rotates my pw daily however I left my account logged into server everyday ( i would just disconnect rather than log off).  I'm really interested in finding out about when Active directory re-authenticates and how being logged into a server when my pw changed locks my account.  I would assume the it re-authenticates every so often and when it does and my pw changes it locks my account. 

    Let me know!

    Thanks,

    Saturday, July 28, 2018 4:31 PM