User Account Locked Out!!

Discussion in 'Active Directory' started by millin, Feb 1, 2008.

  1. millin

    millin Guest

    Hi All,

    I am having a small problem with the one of the user accounts.
    This particular user log on to two different PC's one running on XP and the
    other running on 2000.

    The problem strats occuring whenever you have to change the password after
    42 days(default).Once he changed the password in one m/c, he has been locked
    out to log on to the other m/c(2000).

    thanks

    mil
     
    millin, Feb 1, 2008
    #1
    1. Advertisements

  2. Is the account logged into more than one machine or is it running a service
    on the same machine? A user could have mapped drives to a resource from one
    machine, on a different machine he changes his password and then the first
    machine attempts to stay mapped to a drive and the password is no longer
    correct and eventually locks the user out. Or after a password is changed a
    service is running that attempts to authenticate with an old password.

    To help try and track down where the account is getting locked out use
    eventcombMT.exe from the Account Lockout tools found out Microsoft's
    website. Use the built in search AccountLockouts and search in the created
    text files for the user in question.

    http://www.microsoft.com/downloads/...9C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
     
    Paul Bergson [MVP-DS], Feb 1, 2008
    #2
    1. Advertisements

  3. You have to find the process running as that user. It could be a drive
    mapping or a scheduled task,
    Anthony
    http://www.airdesk.com
     
    Anthony [MVP], Feb 1, 2008
    #3
  4. millin

    millin Guest

    The account is running on two different m/c's(one is a XP and the other 2000).
    Let me run the tool(eventcombMT.exe).
    I am assuming the lock out is caused by nework mapped drive.
    Once I ran this tool how can I solve this issue cause this user has to run
    his profile
     
    millin, Feb 4, 2008
    #4
  5. millin

    millin Guest

    Hi Anthony,

    I don't understand can you elaborate please.
    This particular user is a user in many security groups and have many shared
    network drives he can access.

    I ran the account lockout tool in one of the m/c(i.e;2000) it comes up with
    no account has been locked out as a result.But still he cannot log on to the
    windows 2000 m/c while he logged on to the XP M/C.
     
    millin, Feb 4, 2008
    #5
  6. Just make sure any services or accounts have the password changed
     
    Paul Bergson [MVP-DS], Feb 4, 2008
    #6
  7. millin

    millin Guest

    Yes I have reset the password for the particular user account couple of days
    ago using ADUC,since then he can log on to either XP or 2000,whichever he
    logs on first.
     
    millin, Feb 4, 2008
    #7
  8. But there is something else using that account which is locking him/her out.
     
    Paul Bergson [MVP-DS], Feb 4, 2008
    #8
  9. millin

    kj [SBS MVP] Guest

    (OP) Check for ODBC configured connections. Unusual to have Administrator,
    but it wouldn't surprise me.
     
    kj [SBS MVP], Feb 4, 2008
    #9
  10. millin

    millin Guest

    This particular user has the local admin privilege,so I don't think any
    database connectivity causing the same problem.

    As I said instead of logging on to the XP if you first log on to the windows
    2000 it will be fine but it will lock the user locking from logging on to the
    XP m/c(also the same for other way around).
    It's kind of strange problem!!!
    I am really getting no idea ?
     
    millin, Feb 5, 2008
    #10
  11. use NETLOGON debug logging

    Enabling debug logging for the Net Logon service
    HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\DBFlag
    DBFlag = 0x2080FFFF (in: %windir%\debug\netlogon.log)


    google for NETLOGON debug logging and you will find more info

    --

    Cheers,
    (HOPEFULLY THIS INFORMATION HELPS YOU!)

    # Jorge de Almeida Pinto # MVP Windows Server - Directory Services

    BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
    BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx
     
    Jorge de Almeida Pinto [MVP - DS], Feb 7, 2008
    #11
  12. millin

    millin Guest

    Thanks for the solution.let me run the netlogon.log first and see what
    happens!!
     
    millin, Feb 8, 2008
    #12
  13. Very interesting Jorge. Thanks for the tip.



    "Jorge de Almeida Pinto [MVP - DS]"
     
    Paul Bergson [MVP-DS], Feb 8, 2008
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.