Re: user account locked up frequently
- From: Meinolf Weber <meiweb(nospam)@gmx.de>
- Date: Fri, 20 Jun 2008 19:37:01 +0000 (UTC)
Hello Chris,
Again event log's wan't be replicated. Please describe what you define as event.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Meinolf,
is logon/logoff event got replicated to each DC in Windows 2003
domain?
Maybe that's the one wasn't replicated but now is.
"Meinolf Weber" wrote:
Hello Chris,
Event viewer entries will not be replicated, they stay on the DC
where it was locked. If you mean the flag for the locked account,
yes.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
Thanks everyone. I'll try AL Tools first. I thought with Windows
2003 domain account lockout events replicated to all domain
controllers. Is that right?
"Paul Bergson [MVP-DS]" wrote:
Is the account logged into more than one machine or is it running a
service on the same machine? A user could have mapped drives to a
resource from one machine, on a different machine he changes his
password and then the first machine attempts to stay mapped to a
drive and the password is no longer correct and eventually locks
the user out. Or after a password is changed a service is running
that attempts to authenticate with an old password.
To help try and track down where the account is getting locked out
use eventcombMT.exe from the Account Lockout tools found out
Microsoft's website. Use the built in search AccountLockouts and
search in the created text files for the user in question.
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-9
1F 3-4E63-8629-B999ADDE0B9E&displaylang=en
You can also set the debug flag on NetLogon to track
authentication. "This creates a text file on the PDC that can be
examined to determine which clients are generating the bad password
attempts." http://support.microsoft.com/kb/189541
http://support.microsoft.com/kb/109626
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
"Chris" <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7807D743-B361-4C15-AB82-37FDDBE7B757@xxxxxxxxxxxxxxxx
a user complained that her AD user account got locked up
frequently.
How
can
I troubleshoot what the cause could be? Maybe she changed her
password
and
some software is still using the old one. Anyway, need to find a
way to
tell
what is the cause and where it's from (the machine).
Thanks.
.
- References:
- Re: user account locked up frequently
- From: Chris
- Re: user account locked up frequently
- Prev by Date: Re: How can I test a GPO is working on XP
- Next by Date: Re: migrate domain controleur to 2008
- Previous by thread: Re: user account locked up frequently
- Next by thread: Re: Help with secondary email address setup in W2K AD and Exchange 200
- Index(es):
Relevant Pages
|
