Domain Admin Account lockout

This topic contains 9 replies, has 6 voices, and was last updated by totoy bato 10 years, 1 month ago.

  • NonoRonuel
    Member
    #135235

    Hi Sirs, I have a problem. My account is a member of the domain admins group and the Domain Local Administrator. But for some reason my account still gets locked out. We have a domain-wide Password Policy, but I filtered my account so that I will not be locked out and don't have to change password because I am the administrator. Am I missing something here? DC Policy and Domain Local Policy are not linked in any OU.

    Thanks


    ]SK[
    Member
    #310611

    Re: Domain Admin Account lockout

    This policy is normally applied at the domain level. You can use the Group Policy Management tool to see what policies will be applied to a user or computer.


    Akila
    Member
    #314729

    Re: Domain Admin Account lockout

    This usually happens when you change the user’s password and you are also using this user as a service account (running some services with this user).


    NonoRonuel
    Member
    #314134

    Re: Domain Admin Account lockout

    Akila;122465 wrote:
    This usually happens when you change the user’s password and you are also using this user as a service account (running some services with this user).

    I just changed the administrator password. Could this be the cause?


    Dumber
    Member
    #198288

    Re: Domain Admin Account lockout

    Well, I hope you don’t use the administrator account as your user account?


    NonoRonuel
    Member
    #314135

    Re: Domain Admin Account lockout

    Dumber;122554 wrote:
    Well, I hope you don’t use the administrator account as your user account?

    No Sir, I don’t use the administrator’s account to manage the server. I use my account, but I’m a member of the Domain Admins and Administrators groups. I really don’t know why my account locks out. I filtered myself to all possible GPOs but still my account locks out.


    totoy bato
    Member
    #328007

    Re: Domain Admin Account lockout

    Hello NonoRuel;

    We have to check first what “are” the policies that may affect your lockout problem.

    First, log on to any computer using your “account”.
    At the command prompt, type this command:

    gpresult /z

    Once the result is done, you can check the policy that possibly affects your account.

    Hope it helps


    f21
    Member
    #319310

    Re: Domain Admin Account lockout

    The lockout policy is a computer policy, not an account policy. That’s why excluding your “account” from policy won’t do anything unless you exclude all other computers as well.

    Try using lockoutstatus.exe (from Microsoft) to find out exactly what is locking your account out. It will show you which DC initiated the lockout w/ the exact time. Check your DC security logs on that specific DC using that time to see what workstation or service has been putting in the bad auth requests. HTH

    Mods, I’m not trying to hijack this thread, but I think our problem sounds like exactly the same, so please let me know if I need a separate thread for this.

    We are having a similar issue with the built-in administrator account getting locked out. (yes I know it shouldn’t be used, but we have a few legacy services that require it, that we’re trying to phase out) Used tool passprop.exe from the 2000 server resource kit:

    passprop /noadminlockout

    It continues to lock out on failed authentication attempts. Any ideas?
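
The lockout trace f21 describes (which DC recorded the lockout, when, and which machine sent the bad authentication requests), as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module (RSAT), PowerShell 3.0 or later, read access to the domain controllers' Security logs, and Windows Server 2008+ event IDs; `jdoe` is a hypothetical account name.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT),
# read access to the DCs' Security logs, and Windows Server 2008+ event IDs.
Import-Module ActiveDirectory

$Account = 'jdoe'                  # hypothetical sAMAccountName of the locked account
$Since   = (Get-Date).AddDays(-2)  # constructed look-back window
$dcs     = Get-ADDomainController -Filter *

# 1. Per-DC lockout state. badPwdCount and LastBadPasswordAttempt are not
#    replicated, so each DC has to be asked separately.
$state = foreach ($dc in $dcs) {
    Get-ADUser -Identity $Account -Server $dc.HostName `
        -Properties LockedOut, badPwdCount, LastBadPasswordAttempt, AccountLockoutTime |
        Select-Object @{n = 'DC'; e = { $dc.HostName }}, LockedOut, badPwdCount,
            LastBadPasswordAttempt, AccountLockoutTime
}
$state | Format-Table -AutoSize

# 2. Event 4740 ("A user account was locked out") on each DC. Properties[0] is
#    the locked account and Properties[1] is the caller computer name.
$lockouts = foreach ($dc in $dcs) {
    Get-WinEvent -ComputerName $dc.HostName -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4740; StartTime = $Since
    } | Where-Object { $_.Properties[0].Value -eq $Account } |
        Select-Object TimeCreated, MachineName,
            @{n = 'CallerComputer'; e = { $_.Properties[1].Value }}
}
$lockouts | Sort-Object TimeCreated | Format-Table -AutoSize

# 3. On each source machine, list services that run under the account, the
#    stale-password case raised earlier in the thread.
$sources  = $lockouts.CallerComputer | Where-Object { $_ } | Sort-Object -Unique
$services = foreach ($computer in $sources) {
    Get-CimInstance -ClassName Win32_Service -ComputerName $computer -ErrorAction SilentlyContinue |
        Where-Object { $_.StartName -like "*$Account*" } |
        Select-Object PSComputerName, Name, StartName, State
}
$services | Format-Table -AutoSize
```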


    NonoRonuel
    Member
    #314136

    Re: Domain Admin Account lockout

    totoy bato;124145 wrote:
    Hello NonoRuel;

    We have to check first what “are” the policies that may affect your lockout problem.

    First, log on to any computer using your “account”.
    At the command prompt, type this command:

    gpresult /z

    Once the result is done, you can check the policy that possibly affects your account.

    Hope it helps

    Pareng totoy bato, I really don’t know what else is locking me out, because I’m blocking all policy from my OU. Anyway, thanks all for the help. I’m still observing.


    Dumber
    Member
    #198349

    Re: Domain Admin Account lockout

    Well, I think you shouldn’t be looking for that.
    Why do you care? If you’ve been locked out, you just typed your password wrong multiple times.
    AFAIK only the administrator account cannot be locked out and the rest can be by design.
