Announcement

Collapse
No announcement yet.

Domain Admin Account lockout

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Domain Admin Account lockout

    Hi Sirs i have a problem.. My account is a member of the domain admins group and the Domain Local Administrator. But for some reason my account still gets locked out. We have a a domain wide Password Policy but i filtered my account so that i will not be locked out and and dont have to change password because i am the administrator. Am i missing something here? DC Policy and Domain Local Policy is not linked in any OU.

    Thanks
    Ronuel
    MCP
    There is only one way to find Out..Its to try it and/or Do it...

  • #2
    Re: Domain Admin Account lockout

    This policy is normally applied at the domain level. You can use Group Policy Management tool to see what policies will be applied to user or computer.
    Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

    Comment


    • #3
      Re: Domain Admin Account lockout

      this usually happens when you change the user's password and you also using this user as a service account (running some services with this user).

      Comment


      • #4
        Re: Domain Admin Account lockout

        Originally posted by Akila View Post
        this usually happens when you change the user's password and you also using this user as a service account (running some services with this user).
        I just changed the administrator password. Could this be the cause?
        Ronuel
        MCP
        There is only one way to find Out..Its to try it and/or Do it...

        Comment


        • #5
          Re: Domain Admin Account lockout

          Well I hope you don't use the administrator account as your useraccount?
          Marcel
          Technical Consultant
          Netherlands
          http://www.phetios.com
          http://blog.nessus.nl

          MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
          "No matter how secure, there is always the human factor."

          "Enjoy life today, tomorrow may never come."
          "If you're going through hell, keep going. ~Winston Churchill"

          Comment


          • #6
            Re: Domain Admin Account lockout

            Originally posted by Dumber View Post
            Well I hope you don't use the administrator account as your useraccount?
            No Sir i dont use the administrators account to manage the server. I use my account but Im a member of Domain admins and Administrators Group. I really dont know why my account locks out. I filtered my self to all possible GPO's but still my account locks out.
            Last edited by NonoRonuel; 26th September 2008, 04:51.
            Ronuel
            MCP
            There is only one way to find Out..Its to try it and/or Do it...

            Comment


            • #7
              Re: Domain Admin Account lockout

              Hello NonoRuel;

              We have to check first what "are" the policies that may affect to your lockout problem

              First Logon to any computer using your "account"
              at the command prompt type this command

              gpresult /z

              Once the result is done you can check the policy that possible affects on your account.

              Hope it helps

              Comment


              • #8
                Re: Domain Admin Account lockout

                The lockout policy is a computer policy, not an account policy. That's why excluding your "account" from policy won't do anything unless you exclude all other computers as well.

                Try using lockoutstatus.exe (from microsoft) to find out exactly what is locking your account out. It will show you which DC initiated the lockout w/ the exact time. Check your DC security logs on that specific DC using that time to see what workstation or service has been putting in the bad auth requests. HTH

                Mods, I'm not trying to hijack this thread, but I think our problem sounds like the exact the same, so please let me know if I need a separate thread for this.

                We are having a similar issue with the built-in administrator account getting locked out. (yes I know it shouldn't be used, but we have a few legacy services that require it, that we're trying to phase out) Used tool passprop.exe from the 2000 server resource kit:

                passprop /noadminlockout

                It continues to lock out on failed authentication attempts. Any ideas?

                Comment


                • #9
                  Re: Domain Admin Account lockout

                  Originally posted by totoy bato View Post
                  Hello NonoRuel;

                  We have to check first what "are" the policies that may affect to your lockout problem

                  First Logon to any computer using your "account"
                  at the command prompt type this command

                  gpresult /z

                  Once the result is done you can check the policy that possible affects on your account.

                  Hope it helps
                  Pareng totoy bato i really dont know what else is locking me out. Because im blocking all policy from my OU. Anyway thanks all for the help..im still observing..
                  Last edited by NonoRonuel; 28th September 2008, 07:51.
                  Ronuel
                  MCP
                  There is only one way to find Out..Its to try it and/or Do it...

                  Comment


                  • #10
                    Re: Domain Admin Account lockout

                    Well I think you shouldn't looking for that.
                    Why do you care? IF you've been locked out, you just type your password wrong multiple times.
                    AFAIK only the administrator account cannot be locked out and the rest can be by design.
                    Marcel
                    Technical Consultant
                    Netherlands
                    http://www.phetios.com
                    http://blog.nessus.nl

                    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
                    "No matter how secure, there is always the human factor."

                    "Enjoy life today, tomorrow may never come."
                    "If you're going through hell, keep going. ~Winston Churchill"

                    Comment

                    Working...
                    X