Re: Account Being Locked Somewhere

Hi Andrew,

Make sure that on the DCs you have auditing turned on for logon events so
that you can see which machine is sending the bad passwords.

Once you have determined the machine there are a number of places on a
machine that store users passwords that could cause the password to lockout
automatically. Some are:

Services
Mapped Network Drives
Scheduled Tasks
Credential Manager (Start -> Run -> control keymgr.dll)
3rd Party applications
DHCP Server
Malware
etc.

Since he just changed his password this morning I would suspect that it is
somewhere he has saved it and just needs to update the password.

Hope this helps,

Brian Delaney
Microsoft Canada
--

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
From: "Andrew Hayes" <AndrewHayes@xxxxxxxxxxxxxxxxxxxxxxxxx>
References: <uKxrKRrwGHA.3392@xxxxxxxxxxxxxxxxxxxx>
Subject: Re: Account Being Locked Somewhere
Date: Fri, 18 Aug 2006 19:53:54 +0900

Looked at his Services list. None of them are set to use his account.

"Andrew Hayes" <AndrewHayes@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uKxrKRrwGHA.3392@xxxxxxxxxxxxxxxxxxxxxxx
One of my users, a developer, keeps getting his account locked out, but
I
don't see anything in the domain controller security event log that
helps
me figure out why it's being locked.

He changed his password this morning, so maybe he has a service that
uses
his account.

Is there any way to track down where (machine or otherwise) his account
is
being locked from?





.

Relevant Pages

  • Re: Multi domain administration
    ... for a small environment as yours (2 DCs) I would be very ... # Jorge de Almeida Pinto # MVP Windows Server - Directory Services ... BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx ... account in each and reloging each time from my workstation. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Computer accounts and Remote DCs
    ... > We have an AD infrastructure that includes two DCs at our main ... > DC at each of several remote sites around the US. ... > domain at our main site, frequently the computer account will ... > If 'D27LT761$' is a legitimate interdomain trust account, ...
    (microsoft.public.win2000.active_directory)
  • RDP onto DCs with non-admin accounts
    ... Production Forest there are 4 DCs which won't accept the logon. ... the sysem won't allow you to logon interactively"; however this user account ...
    (microsoft.public.windows.server.active_directory)
  • Re: How to Remove Ghost DC from AD
    ... > Users and Computers, in the Domain Controllers container, ... > It seems that it cannot be deleted as the server is registered ... > not this account is to be trusted for delagation". ... > Can anybody help me to remove this Ghost DCs from the Active ...
    (microsoft.public.win2000.active_directory)
  • RE: Computer account added to remote site DC
    ... The site a machine account belongs in is determined by the SUBNET and SITES ... Security Settings mismatched on these DCs ... > Our domain topology is hub and spoke. ...
    (microsoft.public.windows.server.active_directory)