Re: Repeated Account lookout!

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

Thanks Paul - I've identified the machine which is sending the wrong
credential using eventcombMT.exe as you've suggested.



Truly appreciated.


-Venkat
"Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
news:umZqWGDMIHA.748@xxxxxxxxxxxxxxxxxxxxxxx
Is the account logged into more than one machine or is it running a
service on the same machine? A user could have mapped drives to a
resource from one machine, on a different machine he changes his password
and then the first machine attempts to stay mapped to a drive and the
password is no longer correct and eventually locks the user out. Or after
a password is changed a service is running that attempts to authenticate
with an old password.

To help try and track down where the account is getting locked out use
eventcombMT.exe from the Account Lockout tools found out Microsoft's
website. Use the built in search AccountLockouts and search in the
created text files for the user in question.

http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Venkat" <vsethura@xxxxxxxxxxx> wrote in message
news:%23c3kbDDMIHA.4688@xxxxxxxxxxxxxxxxxxxxxxx
One particular user account in our domain is getting frequent lockout.
I've enabled the nltest /dbflag:0x2080ffff and checked the netlogon.log i
can't find his id inside. (Checking in the PDC windows 2003 domain)

But account lockout status uttility shows every 1 hours his ID id is
attemting two bad passwords. Since my GP will allow only 6 bad password
counts every 3 hours his account is getting locked.

Any suggestion to capture the source which is sending the BAD password is
truly appreciated.

PS: For this user for some reason, we found the pre-windows ID and logon
name (user@xxxxxxxxxx) are different.

Thanks,
Venkat






.

Relevant Pages

  • Re: Not authorized to change password?
    ... Thanks Paul. ... > To help try and track down where the account is getting locked out use ... > eventcomboMT.exe from the Account Lockout tools found out Microsoft's ... Use the built in search AccountLockouts and search in the created ...
    (microsoft.public.windows.server.active_directory)
  • Re: aspnet_wp.exe could not be started
    ... Paul - Thanks for the reply. ... The only issue I have with that suggestion is that the entire project works ... > virtual directory that the ASPNET account is listed. ... >> insufficient rights to read the .NET Framework files. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: are Catholics Christians ?!
    ... He doesn't say that a somewhat variant type of flesh ... As Gareth said, if all we had was Paul, we wouldn't ... What was Jesus and what is Jesus now? ... that we can simply read any and every Gospel account ...
    (uk.religion.christian)
  • Re: Hi Play65Official Sheila Baker, I was Play65 user nicknamed SleepWalkerr in November 2006.
    ... I was Play65 user nicknamed SleepWalkerr in November ... Play65 closed my account with some funny reasons. ... I want to write here some laughable mails, received from Mr Paul one ... GE sent me a new reason to close my account. ...
    (rec.games.backgammon)
  • VA-ALERT: Brandishing a finger? VCDL member charged...
    ... I have known Paul for years, and while he is definitely an outspoken individual when it comes to his rights and the Second Amendment, I have never seen him behave in a manner that would threaten anyone. ... For those, an account is presented on the OpenCarry.org forum that, if substantiated, presents serious concerns about security, police and prosecutorial misconduct. ... nothing in the reports of the incident suggest the Virginia ?obstruction? ...
    (rec.guns)