Thursday, July 26, 2012

finding the root cause of an account lockout



I had an interesting case today where a user repeatedly got locked out even after:

1. Unlocking the user

2. Resetting the password

3. Resetting the password to the older password a user used to use

4. Shutting down all of the machines the user was using at the moment



This did not fix the issue. In order to track what service is sending the user’s malicious password, I did the following:



1. Turn on debug logging for the Net Logon service on the domain controller:
http://support.microsoft.com/kb/109626

Note: This method will not work on other DCs, because any bad password request is automatically forwarded to the domain controller that holds the PDC Emulator role.
Warning: This will take up a lot of resources on the DC, so be careful.

2. Reset the user's password and unlock the user.

3. Wait around 10 minutes.

4. Navigate to C:\Windows\Debug and locate the file called netlogon.log.

5. Search for the username with Ctrl+F.
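
Step 5 can be scripted instead of searched by hand. The sketch below is an added example, not part of the original post: it groups a user's failed logons in netlogon.log by originating machine and relaying server, assuming the common "logon of DOMAIN\user from HOST (via SERVER) Returns 0x..." line layout. The function name, domain, host names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# NTSTATUS codes Netlogon logs for the failures that drive a lockout.
FAILURES = {0xC000006A: "wrong password", 0xC0000234: "account locked out"}

# Completion line written for each logon request (assumed layout), e.g.
# 07/26 10:02:11 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe
#   from WKS-ALICE (via FILESRV01) Returns 0xC000006A
LINE = re.compile(
    r"^\d\d/\d\d \d\d:\d\d:\d\d \[LOGON\] (?:\[\d+\] )?"
    r".*?logon of (?P<account>\S+) from (?P<source>\S*)"
    r"(?: \(via (?P<via>[^)]+)\))? Returns (?P<status>0x[0-9A-Fa-f]+)"
)

def lockout_sources(log_text, username):
    """Return [((source, via, reason), count), ...] for one user's failures."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # "Entered" lines and unrelated entries carry no status
        # Accept DOMAIN\user and user@domain forms; compare case-insensitively.
        user = m["account"].rsplit("\\", 1)[-1].split("@")[0]
        reason = FAILURES.get(int(m["status"], 16))
        if reason is None or user.lower() != username.lower():
            continue
        # The source field can be empty; "via" is the server that relayed it.
        key = (m["source"] or "(unknown)", m["via"] or "(direct)", reason)
        hits[key] += 1
    return hits.most_common()

# Constructed sample: the failures come from another user's workstation,
# as with the mapped network drive in this case.
SAMPLE_LOG = r"""
07/26 10:02:11 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WKS-ALICE (via FILESRV01) Entered
07/26 10:02:11 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WKS-ALICE (via FILESRV01) Returns 0xC000006A
07/26 10:02:41 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WKS-ALICE (via FILESRV01) Returns 0xC000006A
07/26 10:03:05 [LOGON] CONTOSO: SamLogon: Transitive Network logon of CONTOSO\asmith from WKS-BOB (via MAIL01) Returns 0x0
07/26 10:03:11 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\jdoe from WKS-ALICE (via FILESRV01) Returns 0xC0000234
07/26 10:04:00 [LOGON] CONTOSO: SamLogon: Network logon of CONTOSO\JDoe from  (via PRINT01) Returns 0xC000006A
"""

if __name__ == "__main__":
    for (source, via, reason), count in lockout_sources(SAMPLE_LOG, "jdoe"):
        print(f"{count:3d}  {reason:<18}  from {source} via {via}")
```

The machine with the highest count is the first place to look for a stale mapped drive, service or scheduled task holding the old password.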





In this particular case, the user was not even logged on to the computer. It was a network drive the user mapped for another user's session. Hope I don't have to do this again!!



For the multiple different things that can cause an automatic lockout, see the article below.






thanks,

Rocky

4 comments:

  2. Well summarized!
    Thanks for sharing this with us.
    I will add one more informative article which provides step-wise instructions to identify the source of account lockout in Active Directory - Identify the source of Account Lockouts in Active Directory
