Home > IT Answers > Windows Server > Domain Controller in Windows Server 2003
Abibam01
10 pts.
 Domain Controller in Windows Server 2003
Domain Controller, Windows Server 2003, Windows server administration, Windows Server User Profiles
Hi, Pls I have a challenge with my Domain Controller. Recently, the DC just lock-out users' accounts ndiscriminately (i mean a user log-on today and wake up tommorrow and the account is locked out). I have to unlock users' account almost everyday. Pls what is responsible for this and what can I do?

Note: This was not happening before and I did not configure any security setting to warrant this.



Software/Hardware used:
Windows 2003
ASKED: September 7, 2009  9:17 AM
UPDATED: September 8, 2009  1:00 PM
RELATED QUESTIONS
Answer Wiki:
By default Windows 2003 domains will lock a computer out if the incorrect password is used enough times. Sounds like someone is attempting to break into your domain through VPN, Outlook Web Access, or some other services which is exposed on the Internet. ===================== It is very likely that there is some malware running loose on your network. We have seen the same thing happen due to virus infected machines. Take a look at my blog <a href="http://itknowledgeexchange.techtarget.com/it-trenches/tracking-down-that-usercomputer-that-locks-ad-accounts/">Tracking down that user/computer that locks AD accounts</a>. It could take a while to track down and correct the source of the problem if you have a very distributed environment (like we do).
Last Wiki Answer Submitted:  September 8, 2009  11:35 am  by  Denny Cherry   64,520 pts.
All Answer Wiki Contributors:  Denny Cherry   64,520 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

 

Have you made any changes lately to your AD environment?
Do you have any policies that could be at fault?
anything realy to help in finding the solution……

Gabe9527
 10,615 pts.
 

This may help you in finding out what is happening….

Account Lockout Tools
http://technet.microsoft.com/en-us/library/cc738772%28WS.10%29.aspx

This will give you the following informaiton

# DC Name: Displays all domain controllers that are in the domain.
# Site: Displays the sites in which the domain controllers reside.
# UserState: Displays the status of the user and whether that user is locked out of their account.
# Bad Pwd Count: Displays the number of bad logon attempts on each domain controller. This value confirms the .domain controllers that were involved in the account lockout.
# Last Bad Pwd: Displays the time of the last logon attempt that used a bad password.
# Pwd Last Set: Displays the value of the last good password or when the computer was last unlocked.
# Lockout Time: Displays the time when the account was locked out.
# Orig Lock: Displays the domain controller that locked the account (the domain controller that made the originating write to the LockoutTime attribute for that user).

With this you might get hints as to what is doing this.

Gabe9527
 10,615 pts.