No announcement yet.

locked account

  • Filter
  • Time
  • Show
Clear All
new posts

  • locked account


    One of my admin accounts in the Active Directory is being locked after I changed the password, and I think it is because a service is running with the old password.

    How can I find which computer is trying to access this account with worng password? (I need the computer name)


  • #2
    Re: locked account

    I think you've learnt a valuable lesson here. Always use service accounts with non-expiring passwords!

    You could check the security log on all your DC's and search for account lock out events (Sure there must be an event ID)

    How many servers do you have that could be configured with this account?

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: locked account

      You might also want to see if you can find an event for a failed service or even if you can determine which service failed, due to something not working. Perhaps there might be something logged on/to the helpdesk? (Helpdesk = another log)
      I don't know anything about (you or your) computers.
      Research/test for yourself when listening to free advice.


      • #4
        Re: locked account

        Michael - I an not the only person who work on the servers, and there is a service account, but not everyone use it. about the eventlog, I can see the faild login, but I cant see the computer Name. its show me always the DC computer name, and I have about 50 servers

        Maebe - Good Idea. I'll check it.


        • #5
          Re: locked account

          Download a program called Dameware Utilities. It has a function to enumerate and export a list of all services on all servers and will show you what account is configured for which service on each server.