AD accounts locking up every minute

By geraldo.cruz ·
Hi there,
I?m having big problems on my domain. user accounts are being locked up, almost every single minute, and I cant find to get a solution for this. I suspect to be a virus, but dont know how to trace it, as I run Symantec endpoint, and nothing has been found.
Hopefully I found on this site the brilliant tool to check and unlock accounts (unlock.exe) which is helping me alot and saving me extra work, but what I really wanted in to understand why this is happening.


This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -


by Mehul Bhai In reply to AD accounts locking up ev ...

Check if any of the services in the systems run logged in as with Users' Account instead of System Account. The problem you mention happens when system services exists with logon credential of Users instead of System Account and users change their domain password. The password of the Users is then changed in the Domain Controller and Services still try to logon with the old password, as the password in the services credentials are and will not get changed. I used to face such problems too much in my organization. Then I changed the Services Logon Credentials to System Account. The problem stopped recurring.
Please let us know the status after checking and modifying the settings, if any, if your problem is solved.

Collapse -

What Services

by geraldo.cruz In reply to Services!!!???

Hi, there are a lot of services, so I?m not sure what service to look for. if you could give me some more tips will be gratefull.

Collapse -

What Services!!!???

by Mehul Bhai In reply to What Services

Check all Services Properties and decide.

Collapse -

Internal or External?

by Spitfire_Sysop In reply to AD accounts locking up ev ...

The security audit should tell you what IP these logon attempts are coming from. That can help you track down the program/service or infected computer. If it is external try blocking internet traffic at the firewall until you can figure out what is going on.

Collapse -

Baseline Security Analyzer

by Spitfire_Sysop In reply to AD accounts locking up ev ...

Check this little program out:

it's a M$ tool that will help you keep your security settings in line with best practice guidelines.

Collapse -

locked up or locked out?

by CG IT In reply to AD accounts locking up ev ...

please clarify what you mean by "locked up".

Back to Malware Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums