Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Active directory user lock out

Status
Not open for further replies.

Pipeops

MIS
Apr 28, 2008
77
US
We have a user who is constantly being locked out every morning he gets into the office and this happens about every other day due to an unknown reason. We are using Active directory running on Wndows 2003 server with XP workstations.

This is not due to a bad password and the user does not have any software running that requires his credentials.

Any help is much appreciated.
 
i checked the client and there is no malware on it
 
Take Pat's advice and turn up auditing. It will help narrow down the time that the user's credentials are being tried incorrectly. This should help narrow it down.


Thanks,
Andrew

[smarty] Hard work often pays off over time, but procrastination pays off right now!
 
99% of the time it is a bad password but you need to find out where it is being used. It can be from another machine the user uses occasionally and forgot about, where he mapped a drive to another machine using credentials (password) that has now changed. Each time the machine needs to refresh with the domain it tries to reconnect to that resource with the last credentials used.

Look for a service or scheduled job or script using their id and it could be trying an old password.

It could be a VMWare image that has just been started back up with old credentials.

The fact it is every morning would indicate a machine that is up all night. If your bad password policy is set low (3 bad tries)it would probably show up pretty fast. If it is set high (30) it could be slower to show itself.

Does the person uses external email access (Blackberry). I recently had a user who forgot they had set up a "BIS" account with their provider and used their work id and password to allow access to his work email system. 60 days later when the password expired and the user changed it, the external provider account was still trying to use the old pw, and it began locking the domain account every time it tried to sync up.

Do not believe your end user when they swear they are not using any other machine or they have no services set up to run with their account, they usually "forget" about them. Keep digging and understand how this person uses their account in order to determine where it can be coming from.

Do they have OWA from the outside into your internal email system? They may have left a home machine connected with old credentials.

Even muffed tries on unlocking your screen saver can contribute to your bad pw count.
 
Thank you everyone for your help. The issue turned out to be office communicator on the users blackberry which had the wrong password and automatically was trying to log in every once in a while causing the lock out of the actual active directory account since it uses AD credentials to log in
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top