Re: user account locked up frequently

Tech-Archive recommends: Fix windows errors by optimizing your registry

Meinolf,
is logon/logoff event got replicated to each DC in Windows 2003 domain?
Maybe that's the one wasn't replicated but now is.

"Meinolf Weber" wrote:

Hello Chris,

Event viewer entries will not be replicated, they stay on the DC where it
was locked. If you mean the flag for the locked account, yes.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Thanks everyone. I'll try AL Tools first. I thought with Windows
2003 domain account lockout events replicated to all domain
controllers. Is that right?

"Paul Bergson [MVP-DS]" wrote:

Is the account logged into more than one machine or is it running a
service on the same machine? A user could have mapped drives to a
resource from one machine, on a different machine he changes his
password and then the first machine attempts to stay mapped to a
drive and the password is no longer correct and eventually locks the
user out. Or after a password is changed a service is running that
attempts to authenticate with an old password.

To help try and track down where the account is getting locked out
use eventcombMT.exe from the Account Lockout tools found out
Microsoft's website. Use the built in search AccountLockouts and
search in the created text files for the user in question.

http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F
3-4E63-8629-B999ADDE0B9E&displaylang=en

You can also set the debug flag on NetLogon to track authentication.
"This creates a text file on the PDC that can be examined to
determine which clients are generating the bad password attempts."
http://support.microsoft.com/kb/189541
http://support.microsoft.com/kb/109626

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Chris" <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7807D743-B361-4C15-AB82-37FDDBE7B757@xxxxxxxxxxxxxxxx

a user complained that her AD user account got locked up frequently.
How
can
I troubleshoot what the cause could be? Maybe she changed her
password
and
some software is still using the old one. Anyway, need to find a
way to
tell
what is the cause and where it's from (the machine).
Thanks.




.

Relevant Pages

  • Re: Computers lose domain trust
    ... Search for Event id 647 Computer account deleted ... "Meinolf Weber" wrote: ... Audit account logon events success, failure ...
    (microsoft.public.windows.server.active_directory)
  • Re: Inheireted computer
    ... recovery disc and would like to make this system recovery disc or some ... "Meinolf Weber" wrote: ... Check that your account is in the administrators group of the ... I would like to delete the other administrator as a user and change ...
    (microsoft.public.win2000.security)
  • Re: user account locked up frequently
    ... This posting is provided "AS IS" with no warranties, ... "Meinolf Weber" wrote: ... If you mean the flag for the locked account, ...
    (microsoft.public.windows.server.active_directory)
  • RE: Server 2000 - 2003 Migration
    ... This posting is provided "AS IS" with no warranties, ... Password Export Server or the account that the Password Export Server ... group in the source domain and that the Password Export Service ... "Meinolf Weber" wrote: ...
    (microsoft.public.windows.server.migration)
  • Re: sbs2003 to (new)server2003 user issue
    ... If you work over RDP to the SBS it will work on that way. ... "Meinolf Weber" wrote: ... Even if the account in the domain and the local account on the ... account has no rights to the server shares. ...
    (microsoft.public.windows.server.active_directory)