Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Active directory user lock out

Status
Not open for further replies.
Pipeops

Pipeops

MIS
Apr 28, 2008
77
US
We have a user who is constantly being locked out every morning he gets into the office and this happens about every other day due to an unknown reason. We are using Active directory running on Wndows 2003 server with XP workstations.

This is not due to a bad password and the user does not have any software running that requires his credentials.

Any help is much appreciated.
 
Sort by date Sort by votes
i checked the client and there is no malware on it
 
Upvote 0 Downvote
Take Pat's advice and turn up auditing. It will help narrow down the time that the user's credentials are being tried incorrectly. This should help narrow it down.


Thanks,
Andrew

[smarty] Hard work often pays off over time, but procrastination pays off right now!
 
Upvote 0 Downvote
99% of the time it is a bad password but you need to find out where it is being used. It can be from another machine the user uses occasionally and forgot about, where he mapped a drive to another machine using credentials (password) that has now changed. Each time the machine needs to refresh with the domain it tries to reconnect to that resource with the last credentials used.

Look for a service or scheduled job or script using their id and it could be trying an old password.

It could be a VMWare image that has just been started back up with old credentials.

The fact it is every morning would indicate a machine that is up all night. If your bad password policy is set low (3 bad tries)it would probably show up pretty fast. If it is set high (30) it could be slower to show itself.

Does the person uses external email access (Blackberry). I recently had a user who forgot they had set up a "BIS" account with their provider and used their work id and password to allow access to his work email system. 60 days later when the password expired and the user changed it, the external provider account was still trying to use the old pw, and it began locking the domain account every time it tried to sync up.

Do not believe your end user when they swear they are not using any other machine or they have no services set up to run with their account, they usually "forget" about them. Keep digging and understand how this person uses their account in order to determine where it can be coming from.

Do they have OWA from the outside into your internal email system? They may have left a home machine connected with old credentials.

Even muffed tries on unlocking your screen saver can contribute to your bad pw count.
 
Upvote 0 Downvote
Thank you everyone for your help. The issue turned out to be office communicator on the users blackberry which had the wrong password and automatically was trying to log in every once in a while causing the lock out of the actual active directory account since it uses AD credentials to log in
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

julis2103
  • Locked
  • Question
Active Directory
Replies
0
Views
84
julis2103
julis2103
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
328
goombawaho
goombawaho
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
268
DrB0b
DrB0b
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
96
penguinroundup
penguinroundup
geneg28
  • Locked
  • Question
Active Directory and Linux Servers
Replies
0
Views
81
geneg28
geneg28

Part and Inventory Search

Sponsor

Back
Top