Re: Account getting locked out - Need to find out by whom!

From: Todd J Heron (todd_heron@no_spam.hotmail.com)
Date: 08/09/02

• Next message: Tom Baker: "Re: ACL Issue - Easy Question"
• Previous message: Mark_Pryor: "Re: 3DES with PROV_RSA_FULL ???"
• In reply to: NTNEWS: "Account getting locked out - Need to find out by whom!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Todd J Heron" <todd_heron@no_spam.hotmail.com>
Date: Fri, 9 Aug 2002 13:50:42 -0400

Lockouts are common when there are replication problems between the DCs.
Synchronize the entire domain then check the system log of the Event Viewer
on all DCs to determine whether synchronization was successful. Another
cause is when a password has been recently changed but the user account is
persistently logged into a computer somewhere else in the domain (such as in
a conference room, classroom or computer lab). An open application such as
Microsoft Outlook periodically validating an invalid username/password
combination locks out the account after the specified number of retries.

--
"It is from your failures that you learn the most"
Todd J Heron
todd_heron at hotmail dot com
"NTNEWS" <thanksalot@sc.rr.com> wrote in message
news:eb25Qa7PCHA.1936@tkmsftngp08...
> We have a password policy that locks accounts out after 5 bad password
> attempts.  It than resets it after 5 minutes.  We have auditing turned on
> for everything.  We have one account that continuously gets locked out.
We
> unluck it and within minutes it gets locked again.  We have a native mode
> Win2k domain.  I have looked on all the Domain controllers for event ID
539
> which should be "Account locked out".
>
> What are the best steps to zero in on finding out where an account is
> getting locked out from??
>
> thanksalot@sc.rr.com
>
>
>
>

• Next message: Tom Baker: "Re: ACL Issue - Easy Question"
• Previous message: Mark_Pryor: "Re: 3DES with PROV_RSA_FULL ???"
• In reply to: NTNEWS: "Account getting locked out - Need to find out by whom!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Not able to read event viewer log ... you can read event viewer on DCs in your site but not in DCs in different sites? ... -Assuming that is correct, the thing that comes to my head is that you created a new account with Admin previleges, but that account didn't replicated iet for the other DC. ... (microsoft.public.windows.server.active_directory) Re: Multi domain administration ... for a small environment as yours (2 DCs) I would be very ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... account in each and reloging each time from my workstation. ... (microsoft.public.windows.server.active_directory) Re: Computer accounts and Remote DCs ... > We have an AD infrastructure that includes two DCs at our main ... > DC at each of several remote sites around the US. ... > domain at our main site, frequently the computer account will ... > If 'D27LT761$' is a legitimate interdomain trust account, ... (microsoft.public.win2000.active_directory) RE: Virus is getting domain account listing ... The Event Viewer logs on the PDC's was the way ... I was able narrow down which machines the Failed logon request was ... I found that the Virus definitions on those machines were ... Virus is getting domain account listing ... (Focus-Microsoft) RDP onto DCs with non-admin accounts ... Production Forest there are 4 DCs which won't accept the logon. ... the sysem won't allow you to logon interactively"; however this user account ... (microsoft.public.windows.server.active_directory)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint